Abstract

For synchronous point-to-point $n$-node networks of undirected links, it has been previously shown that, to achieve consensus in presence of up to $f$ Byzantine faults, the following two conditions on the underlying communication graph are together necessary and sufficient: (i) $n \geq 3f + 1$ and (ii) network connectivity greater than $2f$. The first condition, that is, $n \geq 3f + 1$, is known to be necessary for directed graphs as well. So far, a tight necessary and sufficient condition for Byzantine consensus in directed graphs has not been developed.

This paper presents a tight necessary and sufficient condition for achieving Byzantine consensus in synchronous networks that can be represented as directed graphs. We provide a constructive proof of sufficiency by presenting a new Byzantine consensus algorithm for directed graphs. Further work is needed to improve the message overhead of Byzantine consensus in directed graphs.
1 Introduction

In a network of $n$ nodes with up to $f$ Byzantine faulty nodes, it is well-known that the following two conditions together are both necessary and sufficient for the existence of exact Byzantine consensus algorithms [3, 2] in networks of undirected links (i.e., undirected graphs).

• $n \geq 3f + 1$, and

• The connectivity of the underlying communication graph is at least $2f + 1$.

In this work, we consider algorithms for achieving exact Byzantine consensus in synchronous point-to-point networks that are modeled by arbitrary directed graphs, i.e., the communication between two neighboring nodes is not necessarily bi-directional. Consider a network of $n$ nodes, of which at most $f$ nodes may be Byzantine faulty. We assume that each node is given an initial input in $\{0, 1\}$. The Byzantine consensus algorithms of interest must satisfy the following three properties, where $x_i$ denotes node $i$'s input and $y_i$ denotes its output:

• Termination: every fault-free node $i$ eventually decides on an output value $y_i$.

• Agreement: the output values of all the fault-free nodes are equal, i.e., there exists $y$ such that, for every fault-free node $i$, $y_i = y$.

• Validity: for every fault-free node $i$, there exists a fault-free node $k$ such that the output value $y_i = x_k$.

2 System Model

Communication model: The system is assumed to be synchronous. The synchronous communication network consisting of $n$ nodes is modeled as a simple directed graph $G(V, \mathcal{E})$, where $V$ is the set of $n$ nodes, and $\mathcal{E}$ is the set of directed edges between the nodes in $V$. We assume that $n \geq 2$, since the consensus problem for $n = 1$ is trivial. Node $i$ can transmit messages to another node $j$ if and only if the directed edge $(i, j)$ is in $\mathcal{E}$. Each node can send messages to itself as well; however, for convenience, we exclude self-loops from set $\mathcal{E}$. That is, $(i, i) \notin \mathcal{E}$ for $i \in V$. With a slight abuse of terminology, we will use the terms edge and link, and similarly the terms node and vertex, interchangeably.

All the links (i.e., communication channels) are reliable, FIFO (first-in first-out) and deliver each transmitted message exactly once. When node $i$ wants to send message $M$ on link $(i, j)$ to node $j$, it puts the message $M$ in a send buffer for link $(i, j)$. No further operations are needed at node $i$; the mechanisms for implementing reliable, FIFO and exactly-once semantics are transparent to the nodes. When a message is delivered on link $(i, j)$, it becomes available to node $j$ in a receive buffer for link $(i, j)$. As stated earlier, the communication network is synchronous, and each message sent on link $(i, j)$ is delivered to node $j$ within a bounded interval of time.

Failure Model: We consider the Byzantine failure model, with up to $f$ nodes becoming faulty. A faulty node may misbehave arbitrarily. Possible misbehavior includes sending incorrect and mismatching (or inconsistent) messages to different neighbors. The faulty nodes may potentially collaborate with each other. Moreover, the faulty nodes are assumed to have a complete knowledge of the execution of the algorithm, including the states of all the nodes, contents of messages the other nodes send to each other, the algorithm specification, and the network topology.



3 Terminology

Upper case italic letters are used to name subsets of $V$, and lower case italic letters are used to name nodes in $V$.

Incoming neighbors:

• Node $i$ is said to be an incoming neighbor of node $j$ if $(i, j) \in \mathcal{E}$.

• For set $B \subseteq V$, node $i$ is said to be an incoming neighbor of set $B$ if $i \notin B$, and there exists $j \in B$ such that $(i, j) \in \mathcal{E}$.

• Set $B$ is said to have $k$ incoming neighbors in set $A$ if set $A$ contains $k$ distinct incoming neighbors of $B$.

Directed paths: All paths used in our discussion are directed paths.

• Paths from a node $i$ to another node $j$:

  - An "$(i, j)$-path" is a directed path from node $i$ to node $j$.

  - An "$(i, j)$-path excluding $X$" is a directed path from node $i$ to node $j$ that does not contain any node from set $X$.

  - Two paths from node $i$ to node $j$ are said to be "disjoint" if the two paths only have nodes $i$ and $j$ in common, with all remaining nodes being distinct.

  - The phrase "$d$ disjoint $(i, j)$-paths" refers to $d$ pairwise disjoint paths from node $i$ to node $j$.

  - The phrase "$d$ disjoint $(i, j)$-paths excluding $X$" refers to $d$ pairwise disjoint $(i, j)$-paths that do not contain any nodes in set $X$.

• Every node $i$ trivially has a path to itself. That is, for all $i \in V$, an $(i, i)$-path exists excluding $V - \{i\}$.

• Paths from a set $S$ to node $j \notin S$:

  - A path is said to be an "$(S, j)$-path" if it is an $(i, j)$-path for some $i \in S$.

  - An "$(S, j)$-path excluding $X$" is an $(S, j)$-path that does not contain any node from set $X$.

  - Two $(S, j)$-paths are said to be "disjoint" if the two paths only have node $j$ in common, with all remaining nodes being distinct (including the first nodes on the paths).

  - The phrase "$d$ disjoint $(S, j)$-paths" refers to $d$ pairwise disjoint $(S, j)$-paths.

  - The phrase "$d$ disjoint $(S, j)$-paths excluding $X$" refers to $d$ pairwise disjoint $(S, j)$-paths that do not contain any nodes from set $X$.

Note that two disjoint $(i, j)$-paths are not disjoint $(\{i\}, j)$-paths. $d$ disjoint $(A, j)$-paths can possibly exist for set $A$ only if $|A| \geq d$.

For a directed path from node $i$ to node $j$, node $i$ will be called the "source" node on the path. Thus, for given $d$ disjoint $(A, b)$-paths there are $d$ distinct source nodes, all of which belong to $A$.



4 Necessary Condition

For a correct Byzantine consensus algorithm to exist, the network graph $G(V, \mathcal{E})$ must satisfy the necessary condition proved in this section. We state the necessary condition in two different forms in this section, and show that the two forms are equivalent. Later, in Theorem 4 (in Section 5), we will state the necessary condition in a different form.

4.1 Necessary Condition: First Version

Relations $\Rightarrow$ and $\not\Rightarrow$ below are used frequently in our discussion.

Definition 1 For disjoint sets of nodes $A$ and $B$ (see Footnote 1), where $B$ is non-empty:

• $A \Rightarrow B$ iff set $A$ contains at least $f + 1$ distinct incoming neighbors of $B$. That is, $|\{\, i \mid (i, j) \in \mathcal{E},\ i \in A,\ j \in B \,\}| \geq f + 1$.

• $A \not\Rightarrow B$ iff $A \Rightarrow B$ is not true.

Note that when $A = \emptyset$ and $B \neq \emptyset$, we have $A \not\Rightarrow B$.

Theorem 1 Suppose that a correct Byzantine consensus algorithm exists for $G(V, \mathcal{E})$. For any partition $L, R, C, F$ of $V$ (see Footnote 2), such that both $L$ and $R$ are non-empty, and $|F| \leq f$, either $L \cup C \Rightarrow R$, or $R \cup C \Rightarrow L$.

Proof: The proof is presented in Appendix A. □
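As an added illustration of Definition 1 and Theorem 1 (this code is not part of the paper), the following Python implements the relation $A \Rightarrow B$ and exhaustively checks the condition of Theorem 1 over every assignment of nodes to $L, R, C, F$ in a small graph. The two sample graphs (a complete digraph on four nodes, and a five-node graph whose two halves are joined by a single link in each direction), the value $f = 1$, and all function names are constructed for this example.

```python
from itertools import product

def incoming_neighbors(edges, B):
    """Distinct nodes outside B that have a link into some node of B
    (the 'incoming neighbor of a set' notion of Section 3)."""
    B = set(B)
    return {i for (i, j) in edges if j in B and i not in B}

def implies(edges, A, B, f):
    """Definition 1: A => B iff A holds at least f+1 distinct incoming neighbors of B.
    An empty A therefore never implies a non-empty B."""
    return len(incoming_neighbors(edges, B) & set(A)) >= f + 1

def theorem1_violation(nodes, edges, f):
    """Assign every node to one of L, R, C, F and look for a partition with L, R
    non-empty and |F| <= f such that neither L u C => R nor R u C => L holds.
    Returns such a partition (a witness against Theorem 1) or None if none exists."""
    nodes = list(nodes)
    for labels in product("LRCF", repeat=len(nodes)):
        parts = {k: set() for k in "LRCF"}
        for v, lab in zip(nodes, labels):
            parts[lab].add(v)
        L, R, C, F = (parts[k] for k in "LRCF")
        if not L or not R or len(F) > f:
            continue
        if not implies(edges, L | C, R, f) and not implies(edges, R | C, L, f):
            return L, R, C, F
    return None

def complete_digraph(n):
    """All directed links between n nodes, no self-loops (constructed sample)."""
    return {(i, j) for i in range(n) for j in range(n) if i != j}

# Constructed sample graphs, both examined with f = 1.
K4 = complete_digraph(4)      # n = 3f + 1; every node has 3 = 2f + 1 incoming neighbors
SPLIT5 = ({(0, 1), (1, 0), (2, 3), (3, 2), (0, 2), (2, 0)}   # halves {0,1} and {2,3}
          | {(4, x) for x in range(4)} | {(x, 4) for x in range(4)})  # node 4 links to all

if __name__ == "__main__":
    print("K4:", theorem1_violation(range(4), K4, 1))          # None: the condition holds
    print("SPLIT5:", theorem1_violation(range(5), SPLIT5, 1))  # a witness partition
```

For SPLIT5 the search returns a partition such as $L = \{0, 1\}$, $R = \{2, 3\}$, $C = \emptyset$, $F = \{4\}$: only node 0 is an incoming neighbor of $R$ inside $L \cup C$ and only node 2 is an incoming neighbor of $L$ inside $R \cup C$, so with $f = 1$ neither side reaches the $f + 1 = 2$ neighbors that Definition 1 requires.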
4.2 Necessary Condition: Second Version

Definition 2 Given a partition $A, B, F$ of $V$ such that $|F| \leq f$, set $A$ is said to propagate in $V - F$ to set $B$ if either (i) $B = \emptyset$, or (ii) for each node $b \in B$, there exist at least $f + 1$ disjoint $(A, b)$-paths excluding $F$.

We will denote the fact that set $A$ propagates in $V - F$ to set $B$ by the notation

$$A \overset{V-F}{\rightsquigarrow} B$$

When it is not true that $A \overset{V-F}{\rightsquigarrow} B$, we will denote that fact by

$$A \overset{V-F}{\not\rightsquigarrow} B$$

Footnote 1: Sets $A$ and $B$ are said to be disjoint if $A \cap B = \emptyset$. As per this definition, any set $A$ is disjoint with the empty set $\emptyset$.

Footnote 2: Sets $X_1, X_2, \ldots, X_p$ are said to form a partition of set $X$ provided that (i) $\bigcup_{1 \leq i \leq p} X_i = X$, and (ii) $X_i \cap X_j = \emptyset$ if $i \neq j$.
Lemma 1 Given a partition $A, B, F$ of $V$ such that $B$ is non-empty, and $|F| \leq f$, if $A \overset{V-F}{\rightsquigarrow} B$, then the size of $A$ must be at least $f + 1$.

Proof: By definition, there must be at least $f + 1$ disjoint $(A, b)$-paths excluding $F$ for each $b \in B$. Each of these $f + 1$ disjoint paths will have a distinct source node in $A$. Therefore, such $f + 1$ disjoint paths can only exist if $A$ contains at least $f + 1$ distinct nodes. □

We now state the second form of the necessary condition.

Theorem 2 Suppose that a correct Byzantine consensus algorithm exists for $G(V, \mathcal{E})$. Then for any partition $A, B, F$ of $V$, where $A$ and $B$ are both non-empty, and $|F| \leq f$, either $A \overset{V-F}{\rightsquigarrow} B$ or $B \overset{V-F}{\rightsquigarrow} A$.

Proof: Suppose that a correct Byzantine consensus algorithm exists for $G(V, \mathcal{E})$. Therefore, $G$ must satisfy the condition in Theorem 1. Theorem 2 is proved below using Lemmas 2 through 4. Lemmas 2 through 4 together prove that the condition in Theorem 1 implies the condition in Theorem 2. □
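The propagation relation of Definition 2 needs the maximum number of node-disjoint $(A, b)$-paths that avoid $F$; by Menger's theorem that number is the value of a maximum flow in which every node other than $b$ has capacity one. As an added example (not from the paper), the Python code below computes it by splitting each node into an in-copy and an out-copy and augmenting along breadth-first paths, then uses it to evaluate Definition 2, the bound of Lemma 1, and an exhaustive check of Theorem 2 over all partitions $A, B, F$ of two small graphs (a complete digraph on four nodes and a five-node graph whose two halves are joined by one link each way). The graphs, $f = 1$, and every function name are assumptions of this example.

```python
from collections import deque
from itertools import product

def max_disjoint_paths(nodes, edges, A, b, F):
    """Maximum number of pairwise disjoint (A, b)-paths excluding F in the sense of
    Section 3 (paths share only b, so their sources in A are distinct).
    Computed as a max-flow: node v becomes (v,'in') -> (v,'out') with capacity 1,
    so every node except b lies on at most one path."""
    allowed = set(nodes) - set(F)
    sources = set(A) & allowed
    if b not in allowed or not sources:
        return 0
    cap = {}
    def add(u, v, c):
        cap.setdefault(u, {})[v] = cap.get(u, {}).get(v, 0) + c
        cap.setdefault(v, {}).setdefault(u, 0)   # residual back-edge
    big = len(allowed) + 1
    for v in allowed:
        add((v, "in"), (v, "out"), big if v == b else 1)
    for (u, v) in edges:
        if u in allowed and v in allowed:
            add((u, "out"), (v, "in"), 1)
    for a in sources:
        add("src", (a, "in"), 1)                # each source node starts at most one path
    add((b, "out"), "sink", big)
    flow = 0
    while True:                                 # Edmonds-Karp; each augmentation = one more path
        parent = {"src": None}
        queue = deque(["src"])
        while queue and "sink" not in parent:
            u = queue.popleft()
            for v, c in cap[u].items():
                if c > 0 and v not in parent:
                    parent[v] = u
                    queue.append(v)
        if "sink" not in parent:
            return flow
        v = "sink"
        while parent[v] is not None:
            u = parent[v]
            cap[u][v] -= 1
            cap[v][u] += 1
            v = u
        flow += 1

def propagates(nodes, edges, A, B, F, f):
    """Definition 2: A propagates in V-F to B iff B is empty or every b in B is
    the end of at least f+1 disjoint (A, b)-paths excluding F."""
    return all(max_disjoint_paths(nodes, edges, A, b, F) >= f + 1 for b in B)

def theorem2_violation(nodes, edges, f):
    """Search all partitions A, B, F of V (A, B non-empty, |F| <= f) for one in which
    neither set propagates to the other; return it, or None if Theorem 2 holds."""
    nodes = list(nodes)
    for labels in product("ABF", repeat=len(nodes)):
        parts = {k: set() for k in "ABF"}
        for v, lab in zip(nodes, labels):
            parts[lab].add(v)
        A, B, F = parts["A"], parts["B"], parts["F"]
        if not A or not B or len(F) > f:
            continue
        if (not propagates(nodes, edges, A, B, F, f)
                and not propagates(nodes, edges, B, A, F, f)):
            return A, B, F
    return None

# Constructed sample graphs, both examined with f = 1.
K4 = {(i, j) for i in range(4) for j in range(4) if i != j}
SPLIT5 = ({(0, 1), (1, 0), (2, 3), (3, 2), (0, 2), (2, 0)}   # halves {0,1} and {2,3}
          | {(4, x) for x in range(4)} | {(x, 4) for x in range(4)})  # node 4 links to all

if __name__ == "__main__":
    print(max_disjoint_paths(range(5), SPLIT5, {0, 1}, 2, {4}))  # 1: paths 0->2 and 1->0->2 share node 0
    print(theorem2_violation(range(4), K4, 1))                    # None
    print(theorem2_violation(range(5), SPLIT5, 1))                # a witness partition
```

In SPLIT5 with $F = \{4\}$, the only way from $\{0, 1\}$ to node 2 is through node 0, so at most one disjoint path exists and $\{0, 1\} \overset{V-F}{\not\rightsquigarrow} \{2, 3\}$; symmetrically $\{2, 3\}$ does not propagate to $\{0, 1\}$, which is the kind of partition Theorem 2 rules out.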

Lemma 2 Assume that the condition in Theorem 1 holds for $G(V, \mathcal{E})$. For any partition $A, B, F$ of $V$, where $A$ is non-empty, and $|F| \leq f$, if $B \not\Rightarrow A$, then $A \overset{V-F}{\rightsquigarrow} B$.

Proof: If $B = \emptyset$, then by Definition 2, the lemma is trivially true. In the rest of this proof, assume that $B \neq \emptyset$.

Add a new (virtual) node $v$ to graph $G$, such that, (i) $v$ has no incoming edges, (ii) $v$ has an outgoing edge to each node in $A$, and (iii) $v$ has no outgoing edges to any node that is not in $A$. Let $G_{+v}$ denote the graph resulting after the addition of $v$ to $G(V, \mathcal{E})$ as described above.

We want to prove that $A \overset{V-F}{\rightsquigarrow} B$. Equivalently (see Footnote 3), we want to prove that, in graph $G_{+v}$, for each $b \in B$, there exist $f + 1$ disjoint $(v, b)$-paths excluding $F$. We will prove this claim by contradiction.

Suppose that $A \overset{V-F}{\not\rightsquigarrow} B$, and therefore, there exists a node $b \in B$ such that there are at most $f$ disjoint $(v, b)$-paths excluding $F$ in $G_{+v}$. By construction, there is no direct edge from $v$ to $b$. Then Menger's theorem [8] implies that there exists a set $F_1 \subseteq (A \cup B) - \{b\}$ with $|F_1| \leq f$, such that, in graph $G_{+v}$, there is no $(v, b)$-path excluding $F \cup F_1$. In other words, all $(v, b)$-paths excluding $F$ contain at least one node in $F_1$.

Let us define the following sets $L, R, C$:

• $L = A$. $L$ is non-empty, because $A$ is non-empty.

• $R = \{\, i \mid i \in B - F_1 \text{ and there exists an } (i, b)\text{-path excluding } F \cup F_1 \,\}$. Thus, $R \subseteq B - F_1 \subseteq B$. Note that $b \in R$. Thus, $R$ is non-empty.

• $C = B - R$. Thus, $C \subseteq B$. Since $R \subseteq B$, it follows that $R \cup C = B$.

Observe that $L, R, C$ are disjoint sets, and $L \cup R \cup C = A \cup B$. Since set $F_1 \subseteq A \cup B$, $L = A$, and $R \cap F_1 = \emptyset$, we have $F_1 \subseteq L \cup C$, and $F_1 \cap B \subseteq C$. Thus, set $C$ can be partitioned into disjoint sets $B_1$ and $B_2$ such that

• $B_1 = C \cap F_1 = B \cap F_1 \subseteq C \subseteq B$, and

• $B_2 = C - B_1 \subseteq C \subseteq B$. Note that $B_2 \cap F_1 = \emptyset$.

We make the following observations:

• For any $x \in A - F_1 = L - F_1$ and $y \in R$, $(x, y) \notin \mathcal{E}$.

Justification: Recall that virtual node $v$ has a directed edge to $x$. If edge $(x, y)$ were to exist, then there would be a $(v, b)$-path via nodes $x$ and $y$ excluding $F \cup F_1$ (recall that $y$ has a path to $b$ excluding $F \cup F_1$). This contradicts the definition of set $F_1$.

• For any $p \in B_2$, and $q \in R$, $(p, q) \notin \mathcal{E}$.

Justification: If edge $(p, q)$ were to exist, then there would be a $(p, b)$-path via node $q$ excluding $F \cup F_1$, since $q$ has a $(q, b)$-path excluding $F \cup F_1$. Then node $p$ should have been in $R$ by the definition of $R$. This is a contradiction to the assumption that $p \in B_2$, since $B_2 \cap R \subseteq C \cap R = \emptyset$.

Thus, all the incoming neighbors of set $R$ are contained in $F \cup F_1$ (note that $F_1 = (A \cap F_1) \cup B_1$). Recall that $F_1 \subseteq L \cup C$. Since $|F_1| \leq f$, it follows that

$$L \cup C \not\Rightarrow R \qquad (1)$$

By assumption in the lemma, $B \not\Rightarrow A$. By the definitions of $L, R, C$ above, we have $A = L$ and $B = C \cup R$. Thus,

$$C \cup R \not\Rightarrow L \qquad (2)$$

Conditions (1) and (2) together contradict the condition in Theorem 1. Thus, we have proved that $A \overset{V-F}{\rightsquigarrow} B$. □

Footnote 3: Justification: Suppose that $A \overset{V-F}{\rightsquigarrow} B$. By the definition of $A \overset{V-F}{\rightsquigarrow} B$, for each $b \in B$, there exist at least $f + 1$ disjoint $(A, b)$-paths excluding $F$; these paths only share node $b$. Since $v$ has outgoing links to all the nodes in $A$, this implies that there exist $f + 1$ disjoint $(v, b)$-paths excluding $F$ in $G_{+v}$; these paths only share nodes $v$ and $b$. Now, let us prove the converse. Suppose that there exist $f + 1$ disjoint $(v, b)$-paths excluding $F$ in $G_{+v}$. Node $v$ has outgoing links only to the nodes in $A$; therefore, from the $f + 1$ disjoint $(v, b)$-paths excluding $F$, if we delete node $v$ and its outgoing links, then the shortened paths are disjoint $(A, b)$-paths excluding $F$.

Lemma 3 Assume that the condition in Theorem 1 holds for $G(V, \mathcal{E})$. Consider a partition $A, B, F$ of $V$, where $A, B$ are both non-empty, and $|F| \leq f$. If $B \overset{V-F}{\not\rightsquigarrow} A$, then there exist $A'$ and $B'$ such that

• $A'$ and $B'$ are both non-empty,

• $A'$ and $B'$ form a partition of $A \cup B$,

• $A' \subseteq A$ and $B \subseteq B'$, and

• $B' \not\Rightarrow A'$.

Proof: Suppose that $B \overset{V-F}{\not\rightsquigarrow} A$.

Add a new (virtual) node $w$ to graph $G$, such that, (i) $w$ has no incoming edges, (ii) $w$ has an outgoing edge to each node in $B$, and (iii) $w$ has no outgoing edges to any node that is not in $B$. Let $G_{+w}$ denote the graph resulting after addition of $w$ to $G(V, \mathcal{E})$ as described above.

Since $B \overset{V-F}{\not\rightsquigarrow} A$, for some node $a \in A$ there exist at most $f$ disjoint $(B, a)$-paths excluding $F$. Therefore, there exist at most $f$ disjoint $(w, a)$-paths excluding $F$ in $G_{+w}$ (see Footnote 4). Also by construction, $(w, a) \notin \mathcal{E}$. Then, by Menger's theorem [8], there must exist $F_1 \subseteq (A \cup B) - \{a\}$, $|F_1| \leq f$, such that, in graph $G_{+w}$, all $(w, a)$-paths excluding $F$ contain at least one node in $F_1$.

Define the following sets (also recall that $V - F = A \cup B$):

• $L = \{\, i \mid i \in V - F - F_1 \text{ and there exists an } (i, a)\text{-path excluding } F \cup F_1 \,\}$

• $R = \{\, j \mid j \in V - F - F_1 \text{ and there exists in } G_{+w} \text{ a } (w, j)\text{-path excluding } F \cup F_1 \,\}$. Set $R$ contains $B - F_1$ since all nodes in $B$ have edges from $w$.

• $C = V - F - L - R = (A \cup B) - L - R$. Observe that $F_1 \subseteq C$ (because nodes of $F_1$ are not in $L \cup R$). Also, by definition of $C$, sets $C$ and $L \cup R$ are disjoint.

Observe the following:

• Sets $L$ and $R$ are disjoint, and set $L \subseteq A - F_1 \subseteq A$.

Justification: $F_1 \cap L = F_1 \cap R = \emptyset$. By definition of $F_1$, all $(w, a)$-paths excluding $F$ contain at least one node in $F_1$. If $L \cap R$ were to be non-empty, we could find a $(w, a)$-path excluding $F \cup F_1$, which is a contradiction.

Note that $V - F - F_1 = (A \cup B) - F_1$; therefore, $L \subseteq (A \cup B) - F_1$. $B - F_1 \subseteq R$, since all nodes in $B - F_1$ have links from $w$. Since $L$ and $R$ are disjoint, it follows that $(B - F_1) \cap L = \emptyset$, and therefore, $(A - F_1) \cap L = L$; that is, $L \subseteq A - F_1 \subseteq A$.

• For any $x \in C - F_1$ and $y \in L$, $(x, y) \notin \mathcal{E}$.

Justification: If such a link were to exist, then $x$ should be in $L$, which is a contradiction (since $C, L$ are disjoint).

• There are no links from nodes in $R$ to nodes in $L$.

Justification: If such a link were to exist, it would contradict the definition of $F_1$, since we could then find a $(w, a)$-path excluding $F \cup F_1$.

Thus, all the incoming neighbors of set $L$ must be contained within $F \cup F_1$. Recall that $F_1 \subseteq C$ and $|F_1| \leq f$. Thus,

$$R \cup C \not\Rightarrow L \qquad (3)$$

Now define $A' = L$, $B' = R \cup C$. Observe the following:

• $A'$ and $B'$ form a partition of $A \cup B$.

Justification: $L, R, C$ are disjoint sets; therefore $A' = L$ and $B' = R \cup C$ are disjoint. By the definition of sets $L, R, C$ it follows that $A' \cup B' = L \cup (R \cup C) = V - F = A \cup B$.

• $A'$ is non-empty and $A' \subseteq A$.

Justification: By definition of set $L$, set $L$ contains node $a$. Thus, $A' = L$ is non-empty. We have already argued that $L \subseteq A$.

• $B'$ is non-empty and $B \subseteq B'$.

Justification: Recall that $L, R, C$ are disjoint. Thus, by definition of $C$, $R \cup C = (A \cup B) - L$. Since $L \subseteq A$, it follows that $B \subseteq R \cup C = B'$. Also, since $B$ is non-empty, $B'$ is also non-empty.

• $B' \not\Rightarrow A'$.

Justification: Follows directly from (3), and the definition of $A', B'$.

This concludes the proof. □

Footnote 4: See Footnote 3.



Lemma 4 The condition in Theorem 1 implies the condition in Theorem 2.

Proof: Assume that the condition in Theorem 1 is satisfied by graph $G(V, \mathcal{E})$. Consider a partition $A, B, F$ of $V$ such that $A, B$ are non-empty and $|F| \leq f$. Then, we must show that either $A \overset{V-F}{\rightsquigarrow} B$ or $B \overset{V-F}{\rightsquigarrow} A$.

Consider two possibilities:

• $B \overset{V-F}{\rightsquigarrow} A$: In this case the proof is complete.

• $B \overset{V-F}{\not\rightsquigarrow} A$: Then by Lemma 3 there exist non-empty sets $A', B'$ that form a partition of $A \cup B$ such that $A' \subseteq A$, $B \subseteq B'$, and $B' \not\Rightarrow A'$. Lemma 2 then implies that $A' \overset{V-F}{\rightsquigarrow} B'$. Since $A' \subseteq A$ and $A \cup B = A' \cup B'$, it follows that $A \overset{V-F}{\rightsquigarrow} B$ (see Footnote 5).

□

Footnote 5: Explanation: Since $A' \overset{V-F}{\rightsquigarrow} B'$, for each $b \in B'$, there exist $f + 1$ disjoint $(A', b)$-paths excluding $F$. Since $B \subseteq B'$, it then follows that, for each $b \in B \subseteq B'$ there exist $f + 1$ disjoint $(A', b)$-paths excluding $F$. Since $A' \subseteq A$, and $F \cap A = \emptyset$, each $(A', b)$-path excluding $F$ is also an $(A, b)$-path excluding $F$. Thus, for each $b \in B$ there exist $f + 1$ disjoint $(A, b)$-paths excluding $F$. This implies that $A \overset{V-F}{\rightsquigarrow} B$.

Lemma 5 The condition in Theorem 2 implies the condition in Theorem 1.

Proof: We will prove the statement by proving that if the condition in Theorem 1 is violated, then the condition in Theorem 2 is violated as well.

Suppose that the condition in Theorem 1 is violated. Then there exists a partition $L, R, C, F$ of $V$ such that $L, R$ are both non-empty, $|F| \leq f$,

$$L \cup C \not\Rightarrow R$$

and

$$R \cup C \not\Rightarrow L.$$

Since $L \cup C \not\Rightarrow R$, for any node $r \in R$, there exists a set $F_r$, $|F_r| \leq f$, such that all the $(L \cup C, r)$-paths excluding $F$ contain at least one node in $F_r$. Since $L$ is a subset of $L \cup C$, Menger's theorem [8] implies that there are at most $f$ disjoint $(L, r)$-paths excluding $F$. Since $r \in R \cup C$,

$$L \overset{V-F}{\not\rightsquigarrow} R \cup C$$

Similarly, since $R \cup C \not\Rightarrow L$, for any node $l \in L$, there exists a set $F_l$, $|F_l| \leq f$, such that all the $(R \cup C, l)$-paths excluding $F$ contain at least one node in $F_l$. Menger's theorem [8] then implies that there are at most $f$ disjoint $(R \cup C, l)$-paths excluding $F$. Thus,

$$R \cup C \overset{V-F}{\not\rightsquigarrow} L$$

Define $A = L$, and $B = R \cup C$. Thus, $A, B, F$ is a partition of $V$ such that $|F| \leq f$ and $A, B$ are non-empty. The two conditions derived above imply that $A \overset{V-F}{\not\rightsquigarrow} B$ and $B \overset{V-F}{\not\rightsquigarrow} A$, violating the condition in Theorem 2. □



Lemmas 4 and 5 imply that the conditions in Theorems 1 and 2 are equivalent.

4.3 Corollaries

Corollary 1 Suppose that a correct Byzantine consensus algorithm exists for $G(V, \mathcal{E})$. Then the size of set $V$ (i.e., $n$) must be at least $3f + 1$.

Since $n \geq 3f + 1$ is a necessary condition for Byzantine consensus for undirected graphs [5], it follows that $n \geq 3f + 1$ is also necessary for directed graphs. This necessary condition can also be derived from Theorem 1 as follows.

Proof: For $f = 0$, the corollary is trivially true. Now consider $f > 0$. The proof is by contradiction. Suppose that $n \leq 3f$. As stated previously, we assume $n \geq 2$, since consensus for $n = 1$ is trivial. Partition $V$ into three subsets $L, R, F$ such that $|F| \leq f$, $0 < |L| \leq f$, and $0 < |R| \leq f$. Such a partition can be found because $2 \leq |V| \leq 3f$. Define $C = \emptyset$. Since $L, R$ are both non-empty, and contain at most $f$ nodes each, we have $L \cup C \not\Rightarrow R$ and $R \cup C \not\Rightarrow L$, violating the condition in Theorem 1. □

Corollary 2 For $f > 0$, suppose that a correct Byzantine consensus algorithm exists for $G(V, \mathcal{E})$. Then each node must have at least $2f + 1$ incoming neighbors.

Proof: The proof is by contradiction. Suppose that for some node $i$, the number of incoming neighbors of $i$ is at most $2f$. Partition $V - \{i\}$ into two sets $L$ and $F$ such that $L$ is non-empty and contains at most $f$ incoming neighbors of $i$, and $|F| \leq f$. It should be easy to see that such $L, F$ can be found.

Define $C = \emptyset$ and $R = \{i\}$. Then, since $f > 0$ and $|R| = 1$, it follows that

$$R \cup C \not\Rightarrow L$$

Also, since $L$ contains at most $f$ incoming neighbors of node $i$, and set $R$ contains only node $i$,

$$L \cup C \not\Rightarrow R$$

The above two conditions violate the condition in Theorem 1. □



Corollary 3 For $f > 0$, suppose that the graph $G(V, \mathcal{E})$ satisfies the condition in Theorem 1 and $|V| = n = 3f + 1$. Then for any pair of nodes $i, j \in V$, either $(i, j) \in \mathcal{E}$, or there exist at least $2f + 1$ disjoint $(i, j)$-paths in $G(V, \mathcal{E})$.

Proof: The proof is by contradiction. Suppose that there exist two nodes $i$ and $j$ such that $(i, j) \notin \mathcal{E}$, and there are at most $2f$ node-disjoint paths from $i$ to $j$ in $G$. Then according to Menger's theorem [8], there must exist a set of nodes $P \subseteq V - (\{i\} \cup \{j\})$ such that $|P| \leq 2f$, and all $(i, j)$-paths contain at least one node in $P$.

Define sets $X \subseteq V - P$, $Y \subseteq V - P$ and $Z$ as follows:

• $k \in X$ iff there exists an $(i, k)$-path excluding $P$. $i \in X$; thus $X$ is non-empty.

• $k \in Y$ iff there exists a $(k, j)$-path excluding $P$. $j \in Y$; thus $Y$ is non-empty.

• $Z = V - X - Y - P$.

Observe that $P$ is disjoint from $X, Y, Z$ by definition, and $Z$ is disjoint from $X, Y, P$ also by definition. Now, we show that $X$ and $Y$ are disjoint. Suppose they are not disjoint; then there exists a node $x \in X \cap Y$. Then, by definition of $X$ and $Y$, there exists an $(i, j)$-path excluding $P$ via $x$, violating the definition of $P$. Thus, $X \cap Y = \emptyset$. Hence, $X, Y, Z, P$ form a partition of $V$. Observe that there are no links from nodes in $X$ to nodes in $Y$ (see Footnote 6), no links from nodes in $Z$ to nodes in $Y$ (see Footnote 7), and no links from nodes in $X$ to nodes in $Z$ (see Footnote 8).

Consider the following cases:

• $|Y| \leq f$: In this case, define $F$ to be a subset of $V$ such that $|F| = f$, and if $|P| \geq f$ then $F \subseteq P$, else $P \subseteq F$. Define $R = Y$, $L = V - F - R$, and $C = \emptyset$. By definition of $X, Y, P$ it follows that all the incoming neighbors of $R$ are either in $F \cap P$ or in $L \cap P$. By definition of $F$ and the constraint that $|P| \leq 2f$, it follows that $|L \cap P| \leq f$. Therefore, $L \cup C \not\Rightarrow R$. Also, because $|R| = |Y| \leq f$, we have $R \cup C \not\Rightarrow L$.

• $f < |Y| \leq 2f$ and $|P| \leq f$: Define $F$ such that $|F| = f$ and $F \subseteq Y$. Define $R = Y - F$, $L = V - F - R$, and $C = \emptyset$. Observe that $|R| = |Y| - f \leq f$. Therefore, $R \cup C \not\Rightarrow L$. Also, $Y = R \cup F$. Thus, $L = X \cup Z \cup P$. There are no links from the nodes in $X \cup Z$ to the nodes in $Y$, and therefore, no links from the nodes in $X \cup Z$ to the nodes in $R$. Thus, the only incoming neighbors of $R$ that are also in $L$ are in $P$. Since $|P| \leq f$, the number of incoming neighbors of $R$ in $L$ is at most $f$. Also, $C = \emptyset$. Therefore, $L \cup C \not\Rightarrow R$.

• $f < |Y| \leq 2f$ and $f < |P| \leq 2f$: Define $F$ such that $|F| = f$ and $F$ contains $|P| - f$ nodes in $P$ and $2f - |P|$ nodes in $Y$. Define $R = Y - F$, $L = V - F - R$, and $C = \emptyset$. Observe that $|Y| = |V| - |P| - |X| - |Z|$, and thus, $|R| = |Y| - (2f - |P|) = 3f + 1 - |P| - |X| - |Z| - (2f - |P|) = f + 1 - |X| - |Z|$. Since $i \in X$, and $X$ is non-empty, $|R| \leq f$. Thus, $R \cup C \not\Rightarrow L$. Also, $L = X \cup Z \cup (P - F)$. There are no links from the nodes in $X \cup Z$ to the nodes in $Y$. Since $R \subseteq Y$, there are no links from the nodes in $X \cup Z$ to the nodes in $R$. Thus, the only incoming neighbors of $R$ that are also in $L$ are in $P - F$. By the definition of the sets, $|P - F| = |P| - (|P| - f) = f$. Hence, $L \cup C \not\Rightarrow R$.

• $f < |Y| \leq 2f$ and $|P| > 2f$: This case is not possible because $Y \cap P = \emptyset$, and $n = 3f + 1$.

• $|Y| > 2f$ and $|P| \leq f$: Define $F$ such that $|F| = f$ and $F \subseteq Y$. Define $R$ such that $|R| = f$ and $R \subseteq (Y - F)$. This is possible, since $|Y| > 2f$. Then, define $L = V - F - R$, and $C = \emptyset$. By definition, $|R| = f$. Therefore, $R \cup C \not\Rightarrow L$. Also, there are no links from the nodes in $X \cup Z$ to the nodes in $R$. Thus, the only incoming neighbors of $R$ that are also in $L$ are in $P \cup (Y - F - R)$. Note that $|P \cup Y| \leq 3f$, since $n = 3f + 1$ and $X$ is non-empty. By the definition of the sets, $|P \cup (Y - F - R)| = |P \cup Y| - |F \cup R| \leq 3f - 2f = f$. Hence, $L \cup C \not\Rightarrow R$.

• $|Y| > 2f$ and $|P| > f$: This case is not possible because $Y \cap P = \emptyset$ and $n = 3f + 1$.

In each case above, we have found a partition of the graph that violates the necessary condition stated in Theorem 1. Thus, Corollary 3 must be true. □

Footnote 6: Else there would be an $(i, j)$-path excluding $P$.

Footnote 7: Else there would be a path excluding $P$ from a node in $Z$ to node $j$, violating the definition of $Y$ and $Z$.

Footnote 8: Else there would be a path excluding $P$ from node $i$ to a node in $Z$, violating the definition of $X$ and $Z$.

5 Sufficiency Proof: Preliminaries

When $f = 0$, all the nodes are fault-free, and the proof of sufficiency is trivial. The necessary condition for $f = 0$ implies that there must exist at least one node, say node $i$, that has directed paths to all the remaining nodes in the network. Then consensus can be achieved simply by node $i$ routing its input to all the other nodes, and adopting node $i$'s input as the output for consensus. In the rest of our discussion below, we will assume that $f > 0$. We will show that the necessary conditions in Theorems 1 and 2 are also sufficient by providing an algorithm that achieves exact consensus in any graph that satisfies those conditions. In the rest of the discussion, we assume that graph $G(V, \mathcal{E})$ satisfies the conditions in Theorems 1 and 2 even if this is not stated explicitly elsewhere below (recall that the two necessary conditions are equivalent). Also, by Corollaries 1 and 2, $n > 3f$, and the number of incoming neighbors of each node is at least $2f + 1$.

In this section, we first introduce some definitions that are useful in the presentation of the algorithm.

Definition 3 Graph decomposition: Let $H$ be a subgraph of $G(V, \mathcal{E})$. Partition graph $H$ into non-empty strongly connected components, $H_1, H_2, \ldots, H_h$, where $h$ is a non-zero integer dependent on graph $H$, such that nodes $i, j \in H_k$ if and only if there exist $(i, j)$- and $(j, i)$-paths both excluding nodes outside $H_k$.

Construct a graph $H^d$ wherein each strongly connected component above is represented by vertex $c_k$, and there is an edge from vertex $c_k$ to vertex $c_l$ if and only if the nodes in $H_k$ have directed paths in $H$ to the nodes in $H_l$.

It is known that the decomposition graph $H^d$ is a directed acyclic graph [?].
Definition 4 Source component: Let $H$ be a directed graph, and let $H^d$ be its decomposition as per Definition 3. Strongly connected component $H_k$ of $H$ is said to be a source component if the corresponding vertex $c_k$ in $H^d$ is not reachable from any other vertex in $H^d$.

Definition 5 Reduced Graph: For a given graph $G(V, \mathcal{E})$, and sets $F \subseteq V$, $F_1 \subseteq V - F$, such that $|F| \leq f$ and $|F_1| \leq f$, reduced graph $G_{F,F_1}(V_{F,F_1}, \mathcal{E}_{F,F_1})$ is defined as follows: (i) $V_{F,F_1} = V - F$, and (ii) $\mathcal{E}_{F,F_1}$ is obtained by removing from $\mathcal{E}$ all the links incident on the nodes in $F$, and all the outgoing links from nodes in $F_1$. That is, $\mathcal{E}_{F,F_1} = \mathcal{E} - \{(i, j) \mid i \in F \text{ or } j \in F\} - \{(i, j) \mid i \in F_1\}$.

Theorem 3 Suppose that graph $G(V, \mathcal{E})$ satisfies the condition in Theorem 1. For graph $G(V, \mathcal{E})$, every reduced graph obtained as per Definition 5 must contain exactly one source component.

Proof: Consider $F \subseteq V$, $F_1 \subseteq V - F$ such that $|F| \leq f$ and $|F_1| \leq f$, as specified in Definition 5. Since $F$ is a strict subset of $V$, the reduced graph $G_{F,F_1}$ contains at least one node; therefore, at least one source component must exist in $G_{F,F_1}$. We now prove that $G_{F,F_1}$ cannot contain more than one source component. The proof is by contradiction. Suppose that the reduced graph $G_{F,F_1}$ includes at least two source components.

Let the sets of nodes in two such source components of $G_{F,F_1}$ be denoted $L$ and $R$, respectively. Let $C = V - F - L - R$. Observe that $L, R, C, F$ form a partition of the nodes in $V$. Since $L$ is a source component in $G_{F,F_1}$, it follows that there are no directed links in $\mathcal{E}_{F,F_1}$ from any node in $C \cup R$ to the nodes in $L$. Similarly, since $R$ is a source component in $G_{F,F_1}$, it follows that there are no directed links in $\mathcal{E}_{F,F_1}$ from any node in $L \cup C$ to the nodes in $R$. These observations, together with the manner in which $\mathcal{E}_{F,F_1}$ is defined, imply that in $G(V, \mathcal{E})$: (i) set $L$ has at most $f$ distinct incoming neighbors in $C \cup R$, and (ii) set $R$ has at most $f$ distinct incoming neighbors in $L \cup C$.

Therefore, in graph $G(V, \mathcal{E})$, $C \cup R \not\Rightarrow L$ and $L \cup C \not\Rightarrow R$, contradicting the condition in Theorem 1. Thus, $G_{F,F_1}$ must contain exactly one source component. □

Corollary 4 Suppose that graph $G(V, \mathcal{E})$ satisfies the condition in Theorem 1. For any $F \subseteq V$ and $F_1 \subseteq V - F$, such that $|F| \leq f$ and $|F_1| \leq f$, let $S$ denote the set of nodes in the source component of $G_{F,F_1}$. Then,

$$S \overset{V-F}{\rightsquigarrow} V - F - S$$

Proof: Since $G_{F,F_1}$ contains a non-zero number of nodes, its source component $S$ must be non-empty. If $V - F - S$ is empty, then the corollary follows trivially by Definition 2. Suppose that $V - F - S$ is non-empty. Since $S$ is a source component in $G_{F,F_1}$, it has no incoming neighbors in $G_{F,F_1}$; therefore, all of the incoming neighbors of $S$ in $V - F$ in graph $G(V, \mathcal{E})$ must belong to $F_1$. Since $|F_1| \leq f$, we have

$$(V - S - F) \not\Rightarrow S$$

Lemma 2 then implies that

$$S \overset{V-F}{\rightsquigarrow} V - F - S$$

□

Definition 6 For $F \subseteq V$, graph $G_{-F}$ is obtained by removing from $G(V, \mathcal{E})$ all the nodes in $F$, and all the links incident on nodes in $F$.
Lemma 6 For any $F \subseteq V$, $F_1 \subseteq V - F$, such that $|F| \leq f$, $|F_1| \leq f$:

• The source component of $G_{F,F_1}$ is strongly connected in $G_{-F}$.

• The source component of $G_{F,F_1}$ does not contain any nodes in $F_1$.

Proof: By Definition 3, each pair of nodes $i, j$ in the source component of graph $G_{F,F_1}$ has at least one $(i, j)$-path and at least one $(j, i)$-path consisting of nodes only in $G_{F,F_1}$, i.e., excluding nodes in $F$.

Since $F_1 \subset V - F$ is a strict subset (by Corollaries 1 and 2, $|V - F| \geq 2f + 1 > f \geq |F_1|$), $G_{F,F_1}$ contains other nodes besides $F_1$. Although nodes of $F_1$ belong to graph $G_{F,F_1}$, the nodes in $F_1$ do not have any outgoing links in $G_{F,F_1}$. Thus, any node in $F_1$ cannot have paths to any other node in $G_{F,F_1}$. Then, due to the connectedness requirement of a source component, it follows that no nodes of $F_1$ can be in the source component.

□
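As an added example (not from the paper), the Python code below builds the reduced graph $G_{F,F_1}$ of Definition 5, decomposes it into strongly connected components as in Definition 3, selects the source components of Definition 4, and reports whether there is exactly one (Theorem 3) and whether none of them contains a node of $F_1$ (the second part of Lemma 6). The sample graphs (a complete digraph on four nodes, which satisfies the condition of Theorem 1 for $f = 1$, and a five-node graph whose two halves are linked by a single edge each way, which violates it) and every function name are assumptions of this example.

```python
def reduced_graph(nodes, edges, F, F1):
    """Definition 5: V_{F,F1} = V - F; drop every link incident on F and every
    outgoing link of a node in F1 (F1 nodes stay, but can no longer reach anything)."""
    F, F1 = set(F), set(F1)
    V = set(nodes) - F
    E = {(i, j) for (i, j) in edges if i not in F and j not in F and i not in F1}
    return V, E

def reachable(E, start):
    """Nodes reachable from start along directed links in E (start included)."""
    seen, stack = {start}, [start]
    while stack:
        u = stack.pop()
        for (a, b) in E:
            if a == u and b not in seen:
                seen.add(b)
                stack.append(b)
    return seen

def strongly_connected_components(V, E):
    """Definition 3: i and j share a component iff each reaches the other."""
    reach = {v: reachable(E, v) for v in V}
    comps, assigned = [], set()
    for v in sorted(V):
        if v in assigned:
            continue
        comp = frozenset(u for u in V if u in reach[v] and v in reach[u])
        comps.append(comp)
        assigned |= comp
    return comps

def source_components(V, E):
    """Definition 4: components that no node outside them can reach."""
    comps = strongly_connected_components(V, E)
    return [c for c in comps if not any(reachable(E, u) & c for u in V - c)]

def source_component_report(nodes, edges, F, F1):
    """Return (sources, exactly_one, none_in_F1) for G_{F,F1}: its source components,
    whether there is exactly one (Theorem 3), and whether none contains an F1 node
    (Lemma 6, second part). The first part of Lemma 6 holds by construction, since
    E_{F,F1} is a subset of the links of G_{-F}."""
    V, E = reduced_graph(nodes, edges, F, F1)
    sources = source_components(V, E)
    none_in_F1 = all(not (c & set(F1)) for c in sources)
    return sources, len(sources) == 1, none_in_F1

# Constructed sample graphs, examined with f = 1.
K4 = {(i, j) for i in range(4) for j in range(4) if i != j}
SPLIT5 = ({(0, 1), (1, 0), (2, 3), (3, 2), (0, 2), (2, 0)}   # halves {0,1} and {2,3}
          | {(4, x) for x in range(4)} | {(x, 4) for x in range(4)})  # node 4 links to all

if __name__ == "__main__":
    print(source_component_report(range(4), K4, {3}, {2}))       # one source {0, 1}
    print(source_component_report(range(5), SPLIT5, {4}, {0}))   # two sources: {1} and {2, 3}
```

With $F = \{4\}$ and $F_1 = \{0\}$, removing node 0's outgoing links leaves SPLIT5 with two components that nothing else reaches, so the "exactly one source component" guarantee of Theorem 3 fails on a graph that violates Theorem 1; on K4 every choice of $F$ and $F_1$ yields a single source component, and in both graphs no source component contains a node of $F_1$.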

The reader may skip the rest of this section without loss of continuity. The material is not used in specifying our algorithm for exact consensus, or in proving its correctness.

Theorem 4 Suppose that a correct Byzantine consensus algorithm exists for $G(V, \mathcal{E})$. Then the following condition must hold:

For any $F \subseteq V$ and $F_1 \subseteq V - F$ such that $|F| \leq f$ and $|F_1| \leq f$, let $S$ be the source component in the reduced graph $G_{F,F_1}$ as per Definition 5. For any $F' \subseteq V - F$ with $|F'| \leq f$, for every node $i \in V - F - F' - S$, there exists in $G(V, \mathcal{E})$ an $(S, i)$-path excluding $F \cup F'$. Note that $F'$ may or may not equal $F_1$.

Proof: We prove this theorem by showing that the condition in Theorem 1 implies the condition in Theorem 4 (see Footnote 9). The proof is by contradiction. Suppose that the condition in Theorem 4 is not true. Then there exist $F \subseteq V$, $F_1 \subseteq V - F$, and $F' \subseteq V - F$, with $|F| \leq f$, $|F_1| \leq f$, $|F'| \leq f$, and $S$ being the source component of $G_{F,F_1}$, such that in graph $G(V, \mathcal{E})$ there is no $(S, i)$-path excluding $F \cup F'$ for some node $i \in V - F - F' - S$. Now, let us define

• $L = S$. $L$ is non-empty due to the definition of source component.

• $R = \{\, j \mid j \in V - F - F' \text{ and there exists a } (j, i)\text{-path excluding } F \cup F' \,\}$. Node $i \in R$ by the definition of $(i, i)$-path, and thus, $R$ is also non-empty.

• $C = V - F - L - R$.

Observe that $F, L, R, C$ are disjoint and together form a partition of $V$ such that $|F| \leq f$, and $L, R$ are non-empty.

Recall that by definition, the source component does not have any incoming neighbors in $G_{F,F_1}$ from $V - F - S = V - F - L = C \cup R$. Therefore, in $G(V, \mathcal{E})$, $C \cup R \not\Rightarrow L$.

Then, we make the following observations:

• $S \cap R = \emptyset$; otherwise, there is an $(S, i)$-path excluding $F \cup F'$, violating the assumption.

• For any $s \in S - F'$ and $j \in R$, $(s, j) \notin \mathcal{E}$; otherwise, there is an $(S, i)$-path excluding $F \cup F'$, violating the assumption.

• For any pair of nodes $c \in C - F'$ and $r \in R$, $(c, r) \notin \mathcal{E}$; otherwise, there is a $(c, i)$-path excluding $F \cup F'$ via node $r$, violating the definition of $R$.

Therefore, all the incoming neighbors of set $R$ in $V - F$ are contained in $F'$. Since $|F'| \leq f$, $L \cup C \not\Rightarrow R$.

Thus, the partition $L, R, C, F$ contradicts the condition in Theorem 1. □

Footnote 9: Theorem 4 can also be proved using Corollary 4.



Lemma 7 Assume that graph $G(V,\mathcal{E})$ satisfies the condition in Theorem 4. Then it also satisfies 
the condition in Theorem 1. 

Proof: The proof is by contradiction. Suppose that $G(V,\mathcal{E})$ does not satisfy the condition in 
Theorem 1. Then there exists a partition $L, R, C, F$ of $V$, where $L, R$ are non-empty and $|F| \le f$, 
such that $L \cup C \not\Rightarrow R$, and $R \cup C \not\Rightarrow L$. That is, 

• There exists $F_R \subseteq L \cup C$ such that $|F_R| \le f$, and there is no $(L \cup C, i)$-path excluding $F \cup F_R$ 
for all $i \in R$, and 

• There exists $F_L \subseteq R \cup C$ such that $|F_L| \le f$, and there is no $(R \cup C, j)$-path excluding $F \cup F_L$ 
for all $j \in L$. 

Note that $F_R$ may or may not overlap with $F_L$. 

Now, consider the reduced graph $G_{F,F_R}$. Since there is no $(L \cup C, i)$-path excluding $F \cup F_R$ for all 
$i \in R$, the corresponding source component $S$ is a subset of $R$. This observation and the definition 
of $F_L$ imply that there is no $(S,j)$-path excluding $F \cup F_L$ for any $j \in L$. This contradicts the 
condition in Theorem 4. □ 

The necessary conditions in Theorems [TJ [2] and [4] are thus equivalent. In the next section, we 
will prove that these conditions are sufficient as well. 

6 Algorithm BC 

When $f = 0$, all the nodes are fault-free, and the proof of sufficiency of the necessary condition 
derived earlier is trivial. The necessary condition for $f = 0$ implies that there must exist at least 
one node, say node $i$, that has directed paths to all the remaining nodes in the network. Then 
consensus can be achieved simply by node $i$ routing its input to all the other nodes, and every node adopting 
node $i$'s input as the output for consensus. In the rest of this section, we will assume that $f > 0$. 

We now present a new algorithm, named Algorithm BC, and prove that it correctly achieves 
Byzantine consensus. As shown below in the pseudo-code of Algorithm BC, the algorithm consists 
of two loops, an OUTER loop and an INNER loop. The OUTER loop of the algorithm considers 
each subset $F$ of $V$ such that $|F| \le f$.^10 For each such $F$, the INNER loop examines each partition 
$A, B$ of $V - F$ such that $A, B$ are both non-empty. For each such partition $A, B$, a non-empty set 
$S$ is identified such that $S \subset V - F$, and^11 

$S \xrightarrow{V-F} V - F - S$. 

The INNER loop uses sub-algorithms Propagate and Equality. These sub-algorithms make 
use of some state maintained by the nodes. We first discuss the node state, followed by the 
sub-algorithms. 

6.1 Node State 

Each node $i$ maintains two state variables that are explicitly used in our algorithm: $v_i$ and $t_i$. Each 
node will have to maintain other state as well (such as the routes to other nodes); however, we do 
not introduce additional notation for that. 

• Variable $v_i$: Initially, $v_i$ at any node $i$ is equal to the input at node $i$. During the course of the 
algorithm, $v_i$ at node $i$ may be updated several times. Value $v_i$ at the end of the algorithm 
represents node $i$'s decision (or output) for Algorithm BC. The output at each node is either 
0 or 1. 

At any time during the execution of the algorithm, the value $v_i$ at node $i$ is said to be valid 
if either of the following two conditions is true: 

— $v_i = 0$, and at least one fault-free node has input equal to 0 

— $v_i = 1$, and at least one fault-free node has input equal to 1 

Initial value $v_i$ at a fault-free node $i$ is valid because it equals its own input. Algorithm BC 
ensures that $v_i$ at a fault-free node $i$ always remains valid throughout the execution of the 
algorithm. 

• Variable $t_i$: Variable $t_i$ at any node $i$ may take a value in $\{0, 1, \bot\}$, where $\bot$ is dist inguished 
from 0 and 1. The Propagate and Equality procedures take $t_i$ at participating nodes $i$ as 
input, and may also modify $t_i$. Under some circumstances, $v_i$ at node $i$ is set equal to $t_i$ in 
order to update $v_i$. We will discuss this in detail below. 



^10 It also suffices to perform the OUTER loop for $|F| = f$. 
^11 We discuss how to choose such $S$ in Section 6.4. 
Algorithm BC 

(OUTER LOOP) 

For each $F \subset V$, where $|F| \le f$ and $f > 0$: 

  (INNER LOOP) 

  For each partition $A, B$ of $V - F$ such that $A, B$ are non-empty, and $A \xrightarrow{V-F} B$: 

    STEP 1 of INNER loop: 

    • Case 1: $A \xrightarrow{V-F} B$ and $B \not\xrightarrow{V-F} A$: 

      Let non-empty set $S \subset A$ be a set such that $S \xrightarrow{V-F} V - F - S$, and $S$ is strongly 
      connected in $G_{-F}$. 

      (a) For all $i \in S$, $t_i := v_i$ 

      (b) Equality($S$) 

      (c) Propagate($S$, $V - F - S$) 

      (d) At each $j \in V - F - S$: if $t_j \ne \bot$, then $v_j := t_j$ 

    • Case 2: $A \xrightarrow{V-F} B$ and $B \xrightarrow{V-F} A$: 

      Let non-empty set $S \subset A \cup B$ be a set such that $S \xrightarrow{V-F} V - F - S$, $S$ is strongly 
      connected in $G_{-F}$, and $A \xrightarrow{V-F} (S - A)$. 

      (e) For all nodes $i \in A$: $t_i := v_i$ 

      (f) Propagate($A$, $S - A$) 

      (g) Equality($S$) 

      (h) Propagate($S$, $V - F - S$) 

      (i) At each $j \in V - F - (A \cap S)$: if $t_j \ne \bot$, then $v_j := t_j$ 

    STEP 2 of INNER loop: 

    (j) Each node $k \in F$ receives $v_j$ from each $j \in N_k$, where $N_k$ is a set consisting of $f + 1$ of 
        $k$'s incoming neighbors in $V - F$. If all the received values are identical, then $v_k$ is set 
        equal to this identical value; else $v_k$ is unchanged. 

Figure 1: Algorithm BC (for $f > 0$): In the pseudo-code, := denotes the assignment operator. 
6.2 Procedure Propagate($S$, $B$) 

Propagate($S$, $B$) assumes that $S \subset V - F$, $B \subset V - F$, $S \cap B = \emptyset$ and $S \xrightarrow{V-F} B$. 

Propagate($S$, $B$) 

(1) Since $S \xrightarrow{V-F} B$, for each $i \in B$, there exist $f + 1$ disjoint $(S,i)$-paths that exclude $F$. The 
source of each of these paths is in $S$; on each path, the corresponding source node, say node $s$, 
sends $t_s$ to node $i$ along the corresponding path.^12 Intermediate nodes on these paths forward 
received messages as necessary. 

When a node does not receive an expected message, the message content is assumed to be $\bot$. 

(2) When any node $i \in B$ receives $f + 1$ values along the $f + 1$ disjoint paths above: if the $f + 1$ 
values are all equal to 0, then $t_i := 0$; else if the $f + 1$ values are all equal to 1, then $t_i := 1$; 
else $t_i := \bot$. 

(Note that := denotes the assignment operator.) 

For all $j \notin B$, $t_j$ is not modified during Propagate($S$, $B$). Also, for all $k \in V$, $v_k$ is not modified 
during Propagate($S$, $B$). 



6.3 Equality($A$) 

Equality($A$) assumes that $A \subset V - F$, $A \ne \emptyset$, and that for each pair of nodes $i, j \in A$, an 
$(i,j)$-path excluding $F$ exists. That is, $A$ is strongly connected in $G_{-F}$ (see the definition of $G_{-F}$ 
given earlier). 

Equality($A$) 

(1) Each node $i \in A$ sends $t_i$ to all other nodes in $A$ along paths excluding $F$. 

(2) Each node $j \in A$ thus receives messages from all nodes in $A$. Node $j$ checks whether the values 
received from all the nodes in $A$ and its own $t_j$ are all equal, and also belong to $\{0, 1\}$. If 
these conditions are not satisfied, then $t_j := \bot$; otherwise $t_j$ is not modified. 

For any node $k \notin A$, $t_k$ is not modified in Equality($A$). For any node $k \in V$, $v_k$ is not modified in 
Equality($A$). 



6.4 INNER Loop 

For each $F$ chosen in the OUTER loop, the INNER loop of Algorithm BC examines each partition 
$A, B$ of $V - F$ such that $A, B$ are both non-empty. From the condition in Theorem 2, we know 
that either $A \xrightarrow{V-F} B$ or $B \xrightarrow{V-F} A$. Therefore, with renaming of the partitions we can ensure that 
$A \xrightarrow{V-F} B$. Then, depending on the choice of $A, B, F$, two cases may occur: 

• Case 1: $A \xrightarrow{V-F} B$ and $B \not\xrightarrow{V-F} A$ 

• Case 2: $A \xrightarrow{V-F} B$ and $B \xrightarrow{V-F} A$ 

Now we will show that a suitable set $S$ as required in each case in Algorithm BC exists: 

• Case 1: $A \xrightarrow{V-F} B$ and $B \not\xrightarrow{V-F} A$: 

Since $B \not\xrightarrow{V-F} A$, by Lemma 3, there exist non-empty sets $A', B'$ that form a partition of 
$A \cup B = V - F$ such that $A' \subseteq A$ and 

$B' \not\Rightarrow A'$. 

Let $F_1$ be the set of incoming neighbors of $A'$ in $B'$. Since $B' \not\Rightarrow A'$, $|F_1| \le f$. Then $A'$ has no 
incoming neighbors in $G_{F,F_1}$. Therefore, the source component of $G_{F,F_1}$ must be contained 
within $A'$. Let $S$ denote the set of nodes in this source component. Since $S$ is the source 
component, by Corollary 4, 

$S \xrightarrow{V-F} V - S - F$. 

Since $S \subseteq A'$ and $A' \subseteq A$, $S \subseteq A$. Then, $B \subseteq (A \cup B) - S = V - S - F$; therefore, $V - S - F$ 
is non-empty. Also, since $S \xrightarrow{V-F} V - S - F$, set $S$ must be non-empty (by Lemma 1). By 
Lemma 6, $S$ is strongly connected in $G_{-F}$. 

• Case 2: $A \xrightarrow{V-F} B$ and $B \xrightarrow{V-F} A$: 

Since $|V| = n > 3f$, $|A \cup B| = |V - F| > 2f$. In this case, we pick an arbitrary non-empty set 
$F_1 \subset A \cup B = V - F$ such that $|F_1| = f$, and find the source component of $G_{F,F_1}$. Let the 
set of nodes in the source component be denoted as $S$. Since $S$ is the source component, by 
Corollary 4, 

$S \xrightarrow{V-F} V - F - S$. 

Also, since $A \xrightarrow{V-F} B$, and $(S - A) \subseteq B$, we have $A \xrightarrow{V-F} (S - A)$. Also, since $V - S - F$ 
contains $F_1$, $V - S - F$ is non-empty, and since $S \xrightarrow{V-F} V - S - F$, set $S$ must be non-empty 
(by Lemma 1). By Lemma 6, $S$ is strongly connected in $G_{-F}$. 

Now consider nodes in set $F$. As shown in Corollary 2, when $f > 0$, each node in $V$ has at least 
$2f + 1$ incoming neighbors. Since $|F| \le f$, for each $k \in F$ there must exist at least $f + 2$ incoming 
neighbors in $V - F$. This satisfies the requirement in step (j) of Algorithm BC. 

^12 All the nodes are aware of the "schedule" used for such transmissions, which is considered a part of the algorithm 
specification. 



6.5 Correctness of BC 

In the discussion below, assume that $F^*$ is the set of faulty nodes in the network ($0 \le |F^*| \le f$ 
and $f > 0$). 

When discussing a certain iteration of the INNER loop, we sometimes add superscripts start and 
end to $v_i$ for node $i$ below to indicate whether we are referring to $v_i$ at the start of that iteration, 
or at the end of that iteration. 

Lemma 8 states that the state $v_j$ of any fault-free node $j$ at the end of an iteration of the 
INNER loop equals the state of some fault-free node at the start of that iteration. 

Lemma 8 For any given iteration of the INNER loop, for each fault-free $j \in V$, there exists a 
fault-free node $s$ such that $v_j^{end} = v_s^{start}$. 
Proof: We will first consider fault-free nodes in $V - F$ in each of the two cases in the INNER 
loop, and then consider the fault-free nodes in $F$. 

Define set $Z$ as the set of values of $v_i$ at all fault-free $i \in V$ at the start of the INNER loop 
iteration under consideration: 

$Z = \{\, v_i^{start} \mid i \in V - F^* \,\}$ 

• Case 1: 

Observe that, in Case 1, $v_i$ remains unchanged for all fault-free $i \in S$; hence, the claim of the 
lemma is trivially true for fault-free $i \in S$. 

We will now prove the claim for fault-free $j \in V - F - S$. 

— step (a): Consider a fault-free node $i \in S$. At the end of step (a), $t_i$ is equal to $v_i^{start}$; 
thus $t_i \in Z$. 

— step (b): In step (b), Equality($S$) either keeps $t_i$ unchanged at fault-free node $i \in S$ or 
modifies it to be $\bot$. Thus, now $t_i \in Z \cup \{\bot\}$. 

— step (c): Consider a fault-free node $j \in V - F - S$. During Propagate($S$, $V - F - S$), 
$j$ receives $f + 1$ values along $f + 1$ disjoint paths originating at nodes in $S$. Therefore, 
at least one of the $f + 1$ values is received along a path that contains only fault-free 
nodes; suppose that the value received by node $j$ along this fault-free path is equal to 
$\alpha$. As observed above in step (b), $t_i$ at all fault-free nodes $i \in S$ is in $Z \cup \{\bot\}$; thus, 
$\alpha \in Z \cup \{\bot\}$. Therefore, at fault-free node $j \in V - F - S$, Propagate($S$, $V - F - S$) will 
result in $t_j \in \{\alpha, \bot\} \subseteq Z \cup \{\bot\}$. 

— step (d): Then it follows that, in step (d), at fault-free $j \in V - F - S$, if $v_j$ is updated, 
then $v_j^{end} \in Z$. On the other hand, if $v_j$ is not updated, then $v_j^{end} = v_j^{start} \in Z$. 

• Case 2: 

Observe that, in Case 2, $v_j$ remains unchanged for all fault-free $j \in A \cap S$. 
Now we prove the claim in the lemma for fault-free $j \in V - F - (A \cap S)$. 

— step (e): For any fault-free node $i \in A$, at the end of step (e), $t_i \in Z$. 

— step (f): Consider a fault-free node $m \in S - A$. During Propagate($A$, $S - A$), $m$ receives 
$f + 1$ values along $f + 1$ disjoint paths originating at nodes in $A$. Therefore, at least 
one of the $f + 1$ values is received along a path that contains only fault-free nodes; 
suppose that the value received by node $m$ along this fault-free path is equal to $\alpha \in Z$. 
Therefore, at node $m \in S - A$, Propagate($A$, $S - A$) will result in $t_m$ being set to a value 
in $\{\alpha, \bot\} \subseteq Z \cup \{\bot\}$. 

Now, for $m \in S \cap A$, $t_m$ is not modified in step (f), and therefore, for $m \in S \cap A$, $t_m \in Z$. 
Thus, we can conclude that, at the end of step (f), for all fault-free nodes $m \in S$, 
$t_m \in Z \cup \{\bot\}$. 

— step (g): In step (g), at each $m \in S$, Equality($S$) either keeps $t_m$ unchanged, or modifies 
it to be $\bot$. Thus, at the end of step (g), for all fault-free $m \in S$, $t_m$ is in $Z \cup \{\bot\}$. 

— step (h): Consider a fault-free node $j \in V - F - S$. During Propagate($S$, $V - F - S$), $j$ 
receives $f + 1$ values along $f + 1$ disjoint paths originating at nodes in $S$. Therefore, at 
least one of the $f + 1$ values is received along a path that contains only fault-free nodes; 
suppose that the value received by node $j$ along this fault-free path is equal to $\beta$. As 
observed above, after step (g), for each fault-free node $m \in S$, $t_m \in Z \cup \{\bot\}$. Therefore, 
$\beta \in Z \cup \{\bot\}$, and at node $j \in V - F - S$, Propagate($S$, $V - F - S$) will result in $t_j$ being 
set to a value in $\{\beta, \bot\} \subseteq Z \cup \{\bot\}$. 

— step (i): From the discussion of steps (g) and (h) above, it follows that, in step (i), if $v_j$ 
is updated at a fault-free $j \in V - F - (S \cap A)$, then $v_j^{end} \in Z$; on the other hand, if $v_j$ 
is not modified, then $v_j^{end} = v_j^{start} \in Z$. 

Now consider a fault-free node $k \in F$. As shown above, at the start of step (j), $v_j^{end} \in Z$ at 
all fault-free $j \in V - F$. Since $|N_k| = f + 1$, at least one of the nodes in $N_k$ is fault-free. Thus, of 
the $f + 1$ values received by node $k$, at least one value must be in $Z$. Now, consider two cases: On 
one hand, if node $k$ changes $v_k$ in step (j), then the new value will also be in $Z$. On the other hand, 
if node $k$ does not change $v_k$, then it remains in $Z$ by the definition of $Z$. 

□ 

Lemma 9 Algorithm BC satisfies the validity condition for Byzantine consensus. 

Proof: Observe that for each fault-free $i \in V$, initially, $v_i$ is valid, because it is equal to the 
input at node $i$. Lemma 8 implies that after each iteration of the INNER loop of Algorithm BC, 
$v_i$ remains valid at each fault-free node $i$. Therefore, when Algorithm BC terminates, $v_i$ at each 
fault-free node $i$ will satisfy the validity condition for Byzantine consensus. □ 

Lemma 10 Algorithm BC satisfies the termination condition for Byzantine consensus. 

Proof: Recall that we are assuming a synchronous system, and the graph $G(V,\mathcal{E})$ is finite. Thus, 
Algorithm BC performs a finite number of iterations of the OUTER loop, and a finite number of 
iterations of the INNER loop for each choice of $F$ in the OUTER loop, the number of iterations 
being a function of graph $G$. Hence, Algorithm BC will terminate after a bounded amount of time. 

□ 

Lemma 11 Algorithm BC satisfies the agreement condition for Byzantine consensus. 

Proof: Recall that $F^*$ denotes the set of faulty nodes in the network ($0 \le |F^*| \le f$). 

Since the OUTER loop considers all possible $F \subset V$ such that $|F| \le f$, eventually, the OUTER 
loop will be performed with $F = F^*$. 

In the INNER loop for $F = F^*$, different partitions $A, B$ of $V - F = V - F^*$ will be considered. 
We will say that such a partition $A, B$ is a "conformant" partition if $v_i = v_j$ for all $i, j \in A$, and 
$v_i = v_j$ for all $i, j \in B$. A partition $A, B$ that is not conformant is said to be "non-conformant". 
Further, we will say that an iteration is a "deciding" iteration if one of the following conditions is 
true. 

C1: The partition considered in this iteration is conformant. 

In Case 1 with a conformant partition, every node in $S$ has the same value $t$ after step (a). 
Hence, at the end of step (b), every node in $S$ has the same value $t$. Now, consider Case 2 
with a conformant partition. Denote the value of all the nodes in $A$ by $\alpha$ ($\alpha \in \{0, 1\}$). Then, 
in step (e), each node $i$ in $S \cap A$ sets $t_i$ equal to $\alpha$. In step (f), all the nodes in $S \cap B$ receive 
identical values $\alpha$ from nodes in $A$, and hence, they set value $t$ equal to $\alpha$. Therefore, every 
node in $S$ has the same value $t$ at the end of step (g). 

C2: The partition considered in this iteration is non-conformant; however, at the end of step 
(b) of Case 1, and at the end of step (g) of Case 2, every node in the corresponding source 
component $S$ has the same value $t$. That is, for all $i, j \in S$, $t_i = t_j$. 

In both C1 and C2, all the nodes in the corresponding source component $S$ have the identical value 
$t$ in the deciding iteration (at the end of step (b) of Case 1, and at the end of step (g) of Case 2). 
An iteration that is not deciding is said to be "non-deciding". 

Claim 1 In the INNER loop for $F = F^*$, value $v_i$ for each fault-free node $i$ will stay unchanged in 
every non-deciding iteration. 

Proof: Suppose that $F = F^*$, and the iteration under consideration is a non-deciding iteration of 
the INNER loop. Observe that since the paths used in Equality and Propagate exclude $F$, none 
of the faulty nodes can affect the outcome of any INNER loop iteration when $F = F^*$. Thus, during 
Equality($S$) (step (b) of Case 1 or step (g) of Case 2), each node in $S$ can receive the value from 
other nodes in $S$ correctly. Then, every node in $S$ will set value $t$ to be $\bot$ at the end of Equality($S$), 
since by the definition of non-deciding iteration, there is a pair of nodes $j, k \in S$ such that $t_j \ne t_k$. 
Hence, every node in $V - F - S$ will receive $f + 1$ copies of $\bot$ after Propagate($S$, $V - F - S$) (step 
(c) of Case 1 and step (h) of Case 2), and will set value $t$ to $\bot$. Finally, at the end of the iteration, 
the value $v$ at each node stays unchanged based on the following two observations: 

• nodes in $S$ (in Case 1) or in $A \cap S$ (in Case 2) will not change value $v$ as specified by Algorithm 
BC, and 

• $t_i = \bot$ for each node $i \in V - F - S$ (in Case 1) or for each node $i \in V - F - (A \cap S)$ (in Case 2). 

Note that by assumption, there is no fault-free node in $F$, and hence, we do not need to consider 
STEP 2. Therefore, the statement is proved. □ 

Let us divide the iterations of the INNER loop for $F = F^*$ into three phases: 

• Phase 1: Iterations of the INNER loop before the first deciding iteration 

• Phase 2: The first deciding iteration 

• Phase 3: Remaining iterations of the INNER loop for $F = F^*$. 

Claim 2 The INNER loop for $F = F^*$ will eventually enter Phase 2. 

Proof: By Lemma 9, it is always true that $v_i \in \{0, 1\}$ for each fault-free node $i$. Thus, when 
we perform the OUTER iteration for $F = F^*$, a conformant partition exists (in particular, set $A$ 
containing all fault-free nodes with $v$ value 0, and set $B$ containing the remaining fault-free nodes, 
or vice versa). By Claim 1, nodes in $V - F$ will not change values during non-deciding iterations. 
Then, since the INNER loop considers all partitions, the INNER loop will eventually consider either 
a conformant partition, or a non-conformant partition such that every node in the corresponding 
source component $S$ has the same value $t$. □ 

Now, let us consider each phase separately: 

• Phase 1: By Claim 1, the $v_i$ at each fault-free node $i \in V$ stays unchanged. 

• Phase 2: Now, consider the first deciding iteration of the INNER loop. 

Recall that all the nodes in $V - F = V - F^*$ are fault-free. Let $S$ be the corresponding source 
component in this iteration. We will show that in this iteration, every node in $S$ will have 
the same $t$ value. Consider two scenarios: 

— The partition is non-conformant: Then by definition of deciding iteration, we can find 
an $\alpha \in \{0, 1\}$ such that $t_i = \alpha$ for all $i \in S$ after step (b) of Case 1, or after step (g) of 
Case 2. 

— The partition is conformant: Let $v_i = \alpha$ for all $i \in A$ for some $\alpha \in \{0, 1\}$. Such an $\alpha$ exists 
because the partition is conformant. 

* Case 1: In this case, recall that $S \subseteq A$. Therefore, after steps (a) and (b) both, $t_j$ 
at all $j \in S$ will be identical, and equal to $\alpha$. 

* Case 2: This is similar to Case 1. At the end of step (e), for all nodes $i \in A$, $t_i = \alpha$. 
After step (f), for all nodes $i \in S \cup A$, $t_i = \alpha$. Therefore, after step (g), for all nodes 
$i \in S$, $t_i$ will remain equal to $\alpha$. 

Thus, in both scenarios, we found a source component $S$ and $\alpha$ such that for all $i \in S$, $t_i = \alpha$ 
after step (b) of Case 1 or after step (g) of Case 2. 

Then, consider the remaining steps in the iteration. 

— Case 1: During Propagate($S$, $V - F - S$), each node $k \in V - F - S$ will receive $f + 1$ 
copies of $\alpha$ along $f + 1$ disjoint paths, and set $t_k = \alpha$ in step (c). Therefore, each node 
$k \in V - F - S$ will update its $v_k$ to be $\alpha$ in step (d). 

— Case 2: After step (h), $t_j = \alpha$ for all $j \in (V - F - S) \cup S$. Thus, each node 
$k \in V - F - (A \cap S)$ will update $v_k$ to be $\alpha$. Recall that each node $k \in A \cap S$ does not modify 
its $v_k$, which is already equal to $\alpha$. 

Thus, in both cases, at the end of STEP 1 of the INNER loop, for all $k \in V - F = V - F^*$, 
$v_k = \alpha$. 

Since all nodes in $F^*$ are faulty, agreement has been reached at this point. By Lemma 8, the 
agreed value is valid as well. Thus, the goal now is to show that the agreement and validity 
conditions are not violated by actions taken in any future iterations of the INNER loop. 

• Phase 3: At the start of Phase 3, for each fault-free node $k \in V - F^*$, we have $v_k = \alpha \in \{0, 1\}$. 
Then by Lemma 8, all future iterations of the INNER loop cannot assign any value other 
than $\alpha$ to any node $k \in V - F^*$. 

After Phase 3 with $F = F^*$, Algorithm BC may perform iterations for other choices of set $F$. 
However, due to Lemma 8, the value $v_j$ at each $j \in V - F^*$ (i.e., at all fault-free nodes) continues to be 
equal to $\alpha$. □ 

Theorem 5 Algorithm BC satisfies validity, agreement, and termination properties for Byzantine 
consensus. 

Proof: The theorem follows from Lemmas 9, 10 and 11. □ 

7 Generalized Fault Model 

In this section, we briefly discuss how to extend the above results to exact consensus under the 
generalized fault model. The generalized fault model [6] is characterized using a fault domain $\mathcal{F} \subseteq 2^V$ 
as follows: Nodes in set $F$ may fail during an execution of the algorithm only if there exists a set 
$F^* \in \mathcal{F}$ such that $F \subseteq F^*$. Set $F$ is then said to be a feasible fault set. 

Definition 7 Set $F \subseteq V$ is said to be a feasible fault set if there exists $F^* \in \mathcal{F}$ such that $F \subseteq F^*$. 

Please refer to our previous work [5] for more discussion on the generalized fault model. 

For a set of nodes $B$, define $N^-(B) = \{\, i \mid (i,j) \in \mathcal{E},\ i \notin B,\ j \in B \,\}$, the set of incoming 
neighbors of $B$. 

Definition 8 Given $\mathcal{F}$, for disjoint sets of nodes $A$ and $B$, where $B$ is non-empty: 

• $A \Rightarrow B$ iff for every $F^* \in \mathcal{F}$, $N^-(B) \cap A \not\subseteq F^*$, i.e., the set of incoming neighbors of $B$ in $A$ 
is not a feasible fault set. 

• $A \not\Rightarrow B$ iff $A \Rightarrow B$ is not true. 

With $\Rightarrow$ redefined as in Definition 8, Theorems 1 and 4 will hold for the generalized fault model. 

For the generalized fault model, the definition of propagation from $A$ to $B$ should be modified 
as follows: 

Definition 9 For any partition $A, B, F$ of $V$ such that $A, B$ are non-empty and $F$ is a feasible 
fault set, $A \xrightarrow{V-F} B$ if for any feasible fault set $F' \subseteq V - F$, for every node $i \in B - F'$, there exists 
in $G(V,\mathcal{E})$ an $(A,i)$-path excluding $F \cup F'$. 

Then the correctness of Algorithm BC can be proved with the following changes to the algorithm: 

• Whenever Algorithm BC uses $f + 1$ $(S,i)$-paths in Propagate($S$, $B$), the new algorithm uses 
all possible $(S,i)$-paths excluding $F$. 

• Whenever a node $i$ in Algorithm BC compares $f + 1$ values received in Propagate($S$, $B$), in 
the new algorithm node $i$ uses all values received along all the paths excluding $F$ to decide 
how to update value $t$. 

Note that by the condition in Theorem 4, it should be easy to see that the paths used to 
propagate messages contain at least one fault-free path, i.e., a path on which every node is fault-free. 
Therefore, the new algorithm can be shown to achieve termination, agreement, and validity 
similarly. 

8 Example Networks 

In this section, we introduce two different graphs, and use the results in the previous sections to 
show that exact Byzantine consensus can be reached in these graphs. 

8.1 1-Core Network 

Definition 10 A graph $G(V,\mathcal{E})$ consisting of $n > 3f$ nodes is said to be a 1-core network if the 
following two properties are satisfied: 

• It includes a clique formed by the nodes in $K \subseteq V$, such that $|K| = 3f + 1$, as a subgraph. That 
is, $\forall i, j \in K$, $i \ne j$, $(i,j) \in \mathcal{E}$. 

• Each node $i \notin K$ has incoming links from an arbitrary set of $2f + 1$ nodes in $K$. That is, for each 
$v \in V - K$, there exists $K_v \subseteq K$ such that $|K_v| = 2f + 1$, and $\forall u \in K_v$, $(u,v) \in \mathcal{E}$. 

It is easy to show that a 1-core network satisfies the condition in Theorem 1. 

There is a simple consensus algorithm for the 1-core network: first solve consensus in the 
$(3f + 1)$-node clique using any existing Byzantine consensus algorithm for cliques; then, all the 
nodes in the clique transmit their decision value on all the outgoing links to the nodes outside the 
clique; every node outside the clique decides on the majority of the $2f + 1$ values received from the 
nodes in the clique. Since at most $f$ of these $2f + 1$ values come from faulty nodes, at least $f + 1$ of 
them carry the clique's decision, so the majority is that decision. 

8.2 2-Core Network 

Definition 11 A graph $G(V,\mathcal{E})$ consisting of $n = 6f + 2$ nodes, where $f$ is a positive 
even integer, is said to be a 2-core network if all the following properties are satisfied: 

• It includes two disjoint cliques, each consisting of $3f + 1$ nodes. Suppose that the nodes in the 
two cliques are specified by sets $K_1, K_2$, respectively, where $K_1 = \{u_1, u_2, \dots, u_{3f+1}\} \subset V$, 
and $K_2 = V - K_1 = \{w_1, w_2, \dots, w_{3f+1}\}$. Thus, $(u_i, u_j) \in \mathcal{E}$ and $(w_i, w_j) \in \mathcal{E}$, for 
$1 \le i, j \le 3f + 1$, $i \ne j$. 

• $(u_i, w_i) \in \mathcal{E}$, for $1 \le i \le \frac{3f}{2}$ and $i = 3f + 1$. 

• $(w_i, u_i) \in \mathcal{E}$, for $\frac{3f}{2} + 1 \le i \le 3f$ and $i = 3f + 1$. 

Figure 2: A 2-core network for $f = 2$. For simplicity, the edges in each core, $K_1$ and $K_2$, are not 
presented in this figure. Note that each core is a clique. 
Figure 2 illustrates the 2-core network for $f = 2$. We will show that the 2-core network satisfies 
the condition in Theorem 2. We first prove the following lemma. 

Lemma 12 Let $A, B, C, F$ be disjoint subsets of $V$ such that $|F| \le f$ and $A, B, C$ are non-empty. 
Suppose that $A \xrightarrow{V-F} B$ and $A \cup B \xrightarrow{V-F} C$. Then, $A \xrightarrow{V-F} B \cup C$. 

Proof: The proof is by contradiction. Suppose that 

• $A \xrightarrow{V-F} B$, 

• $A \cup B \xrightarrow{V-F} C$, and 

• $A \not\xrightarrow{V-F} B \cup C$. 

The first condition above implies that $|A| \ge f + 1$. By Definition 2 and Menger's Theorem [8], the 
third condition implies that there exists a node $v \in B \cup C$ and a set of nodes $P \subseteq V - F - \{v\}$ such 
that $|P| \le f$ and all $(A,v)$-paths excluding $F$ contain at least one node in $P$. In other words, there 
is no $(A,v)$-path excluding $F \cup P$. Observe that, because $A \xrightarrow{V-F} B$, $v$ cannot be in $B$; therefore $v$ 
must belong to set $C$. 

Let us define the sets $X$ and $Y$ as follows: 

• Node $x \in X$ if and only if $x \in V - F - P$ and there exists an $(A,x)$-path excluding $F \cup P$. 
It is possible that $P \cap A \ne \emptyset$; thus, the $(A,x)$-path cannot contain any nodes in $P \cap A$. 

• Node $y \in Y$ if and only if $y \in V - F - P$ and there exists a $(y,v)$-path excluding $F \cup P$. 

By the definition of $X$ and $Y$, it follows that for any $x \in X$, $y \in Y$, there cannot be any $(x,y)$-path 
excluding $F \cup P$. Also, since $A \xrightarrow{V-F} B$, for each $b \in B - P$, there must exist an $(A,b)$-path 
excluding $F \cup P$; thus, $B - P \subseteq X$, and $B \subseteq X \cup P$. Similarly, $A \subseteq X \cup P$, and therefore, 
$A \cup B \subseteq X \cup P$. 

By definition of $X$, there are no $(X \cup P, v)$-paths excluding $F \cup P$. Therefore, because 
$A \cup B \subseteq X \cup P$, there are no $(A \cup B, v)$-paths excluding $F \cup P$. Therefore, since $v \in C$, 
$A \cup B \not\xrightarrow{V-F} C$. This is a contradiction to the second condition above. □ 

Lemma 13 Suppose that $G(V,\mathcal{E})$ is a 2-core network. Then $G$ satisfies the condition in Theorem 2. 

Proof: Consider a partition $A, B, F$ of $V$, where $A$ and $B$ are both non-empty, and $|F| \le f$. 

Recall from Definition 11 that $K_1, K_2$ also form a partition of $V$. 

Define $A_1 = A \cap K_1$, $A_2 = A \cap K_2$, $B_1 = B \cap K_1$, $B_2 = B \cap K_2$, $F_1 = F \cap K_1$ and $F_2 = F \cap K_2$. 

Define $\mathcal{E}'$ to be the set of directed links from the nodes in $K_1$ to the nodes in $K_2$, or vice versa. 
Thus, there are $\frac{3f}{2} + 1$ directed links in $\mathcal{E}'$ from the nodes in $K_1$ to the nodes in $K_2$, and the 
same number of links from the nodes in $K_2$ to the nodes in $K_1$. Each pair of links in $\mathcal{E}'$, with the 
exception of the link pair between $u_{3f+1}$ and $w_{3f+1}$, is node-disjoint. Since $|F| \le f$, it should be 
easy to see that at least one of the two conditions below is true (each node in $F$ is incident on at most one 
link of $\mathcal{E}'$, except $u_{3f+1}$ and $w_{3f+1}$, which share one pair of links; so removing $F$ deletes at most 
$f + 1$ of the $3f + 2$ links in $\mathcal{E}'$, and at least $2f + 1$ links survive, which forces $f + 1$ of them into one direction): 

(a) There are at least $f + 1$ directed links from the nodes in $K_1 - F$ to the nodes in $K_2 - F$. 

(b) There are at least $f + 1$ directed links from the nodes in $K_2 - F$ to the nodes in $K_1 - F$. 

Without loss of generality, suppose that condition (a) is true. Therefore, since $|K_1 - F| \ge 2f + 1$ 
and the nodes in $K_2 - F$ form a clique, it follows that $K_1 - F \xrightarrow{V-F} K_2 - F$. Then, because 
$K_1 - F = A_1 \cup B_1$ and $K_2 - F = A_2 \cup B_2$, we have 

$A_1 \cup B_1 \xrightarrow{V-F} A_2 \cup B_2$.   (4) 

$|K_1 - F| \ge 2f + 1$ also implies that either $|A_1| \ge f + 1$ or $|B_1| \ge f + 1$. Without loss of 
generality, suppose that $|A_1| \ge f + 1$. Then, since the nodes in $A_1 \cup B_1$ form a clique, it follows 
that $A_1 \xrightarrow{V - F_1 - K_2} B_1$ (recall that $V - F_1 - K_2 = A_1 \cup B_1$). Since $V - F_1 - K_2 \subseteq V - F$, we have 

$A_1 \xrightarrow{V-F} B_1$.   (5) 

(4) and (5), along with Lemma 12, imply that $A_1 \xrightarrow{V-F} B_1 \cup A_2 \cup B_2$. Therefore, $A_1 \xrightarrow{V-F} B_1 \cup B_2$, 
and $A_1 \cup A_2 \xrightarrow{V-F} B_1 \cup B_2$. Since $A = A_1 \cup A_2$ and $B = B_1 \cup B_2$, $A \xrightarrow{V-F} B$. □ 

Interestingly, the 2-core network satisfies the necessary condition despite the fact that $2f + 1$ 
links are not available in either direction between the nodes in $K_1$ and $K_2$. 
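The checks used in this section and in Section 6.4 (the propagation relation $A \xrightarrow{V-F} B$, the Theorem 2 condition over all partitions, the 1-core network of Definition 10, and the link-counting step in the proof of Lemma 13) can be carried out mechanically on small instances. The following Python program is an added example and is not code from the paper: it counts node-disjoint paths with a unit-capacity max-flow (Menger's theorem), brute-forces the Theorem 2 condition over every $(A, B, F)$ of a small graph, builds the 1-core and 2-core networks, and verifies for the 2-core network with $f = 2$ that every $F$ with $|F| \le f$ leaves at least $f + 1$ cross links in one direction. The node labels, the particular window of $2f + 1$ clique nodes feeding each extra node of the 1-core network, and the test graphs are arbitrary choices of this example.

```python
"""Added example (not the paper's code): mechanical checks of the directed-graph
consensus condition.  A graph is a dict node -> set of out-neighbours; the brute
force over all (A, B, F) is only feasible for a handful of nodes."""
from collections import deque
from itertools import combinations


def max_node_disjoint_paths(adj, sources, target, excluded):
    """Unit-capacity max-flow on the node-split graph (Menger): each node's in->out
    edge has capacity 1 (one path per node) and the super source feeds every source
    node once (distinct sources).  Returns the number of node-disjoint paths."""
    SRC, SINK = ("src", None), ("in", target)
    cap = {}

    def add(u, v):  # capacity-1 edge u->v and a zero-capacity residual edge v->u
        cap.setdefault(u, {})
        cap.setdefault(v, {}).setdefault(u, 0)
        cap[u][v] = cap[u].get(v, 0) + 1

    for v in (x for x in adj if x not in excluded):
        add(("in", v), ("out", v))
        if v in sources:
            add(SRC, ("in", v))
        for w in adj[v]:
            if w not in excluded:
                add(("out", v), ("in", w))
    flow = 0
    while True:  # Edmonds-Karp: augment along a BFS-shortest residual path
        parent, q = {SRC: None}, deque([SRC])
        while q and SINK not in parent:
            u = q.popleft()
            for v, c in cap.get(u, {}).items():
                if c > 0 and v not in parent:
                    parent[v] = u
                    q.append(v)
        if SINK not in parent:
            return flow
        v = SINK
        while parent[v] is not None:
            u = parent[v]
            cap[u][v] -= 1
            cap[v][u] += 1
            v = u
        flow += 1


def propagates(adj, A, B, F, f):
    """A -> B in V-F: every i in B has f+1 node-disjoint (A, i)-paths excluding F."""
    return all(max_node_disjoint_paths(adj, A, i, F) >= f + 1 for i in B)


def theorem2_violation(adj, f):
    """Theorem 2: for every partition A, B, F of V (A, B non-empty, |F| <= f),
    A -> B or B -> A in V-F.  Returns a violating (A, B, F), or None if it holds.
    Assumes n > f, so V - F is never empty."""
    V = sorted(adj)
    for k in range(f + 1):
        for F in map(set, combinations(V, k)):
            rest = [v for v in V if v not in F]
            m = len(rest)
            for mask in range(2 ** (m - 1) - 1):  # rest[0] in A: each {A, B} once
                A = {rest[0]} | {rest[i] for i in range(1, m) if mask >> (i - 1) & 1}
                B = set(rest) - A
                if not (propagates(adj, A, B, F, f) or propagates(adj, B, A, F, f)):
                    return A, B, F
    return None


def one_core(f, n_extra):
    """Definition 10: clique K = {0..3f}; extra node 3f+1+j gets incoming links
    from a window of 2f+1 clique nodes (the definition leaves the choice open)."""
    K = list(range(3 * f + 1))
    adj = {u: set(K) - {u} for u in K}
    for j in range(n_extra):
        adj[len(K) + j] = set()
        for t in range(2 * f + 1):
            adj[K[(j + t) % len(K)]].add(len(K) + j)
    return adj


def two_core(f):
    """Definition 11 (f positive, even): cliques K1 = u_1..u_{3f+1}, K2 = w_1..w_{3f+1};
    u_i -> w_i for i <= 3f/2 or i = 3f+1; w_i -> u_i for 3f/2 < i <= 3f or i = 3f+1."""
    assert f > 0 and f % 2 == 0
    m, half = 3 * f + 1, 3 * f // 2
    K1, K2 = ([(s, i) for i in range(1, m + 1)] for s in "uw")
    adj = {x: set(K) - {x} for K in (K1, K2) for x in K}
    for i in range(1, m + 1):
        if i <= half or i == m:
            adj[("u", i)].add(("w", i))
        if half < i <= 3 * f or i == m:
            adj[("w", i)].add(("u", i))
    return adj


def two_core_cross_links_survive(f):
    """Lemma 13's counting step: every F with |F| <= f leaves at least f+1 of the
    3f+2 cross links in one direction between K1 - F and K2 - F."""
    adj = two_core(f)

    def cross(F, src, dst):
        return sum(1 for x in adj if x[0] == src and x not in F
                   for y in adj[x] if y[0] == dst and y not in F)

    return all(max(cross(F, "u", "w"), cross(F, "w", "u")) >= f + 1
               for k in range(f + 1) for F in map(set, combinations(sorted(adj), k)))
```

`theorem2_violation(one_core(1, 2), 1)` returns `None` (the 6-node 1-core network with $f = 1$ satisfies Theorem 2), while on a 4-node directed ring with $f = 1$ it returns the violating triple $A = \{0\}$, $B = \{1, 2, 3\}$, $F = \emptyset$: node 1 has a single source to draw paths from, and every path from $B$ into node 0 passes through node 3. `two_core_cross_links_survive(2)` returns `True`. The full Theorem 2 enumeration is not attempted on the 14-node 2-core network, since the number of partitions is out of reach for this brute force; the lemma's own argument covers that case.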



9 Conclusion 

This paper presents tight necessary and sufficient conditions for achieving Byzantine consensus in 
synchronous networks that can be represented as directed graphs. We provide a constructive proof 
of sufficiency by presenting a new Byzantine consensus algorithm for directed graphs. As briefly 
stated in Section 7, the necessary condition in Theorem 4 and Algorithm BC can also be applied 
with the generalized fault model in [6]. In Section 8, we also introduce two families of graphs that 
satisfy the necessary and sufficient condition in Theorem 2. 
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Appendix 



A Proof of Theorem [T] 



We first describe the intuition behind the proof, followed by a formal proof. Intuitively, if the graph 
does not satisfy the condition in Theorem [TJ then the faulty nodes can force the fault-free nodes to 
disagree with each other, as follows. Suppose that there exists partition L, R, C, F where L, R are 
non-empty and \F\ < f such that C U R 7S- L, and L U C 7^ R. Now, suppose that all the nodes in 
L have input m, and all the nodes in R U C have input M, where m ^ M. 

Suppose that the nodes in F are faulty. Then the the faulty nodes can behave to nodes in L 
as if nodes in RL) C L) F have input m, while behaving to nodes in R as if nodes in LUCUF 
have input M. Since the graph does not satisfy the condition in Theorem [TJ nodes in L cannot 
distinguish between the following two scenarios, where Nl denotes the set of incoming neighbors 
of L in C U R: 

• All the nodes in Nl are faulty, rest of the nodes are fault-free, and all the fault-free nodes 
have input m. 

• All the nodes in F are faulty, rest of the nodes are fault-free, and fault-free nodes have input 
m or M. 

In the first scenario, for validity, the output at nodes in L must be m. Therefore, in the second 
scenario as well, the output at the nodes in L must be m. 

Similarly, nodes in R cannot distinguish between the following two scenarios, where Nr denotes 
the set of incoming neighbors of R in C U L: 

• All the nodes in N_R are faulty, the rest of the nodes are fault-free, and all the fault-free nodes 
have input M. 

• All the nodes in F are faulty, the rest of the nodes are fault-free, and fault-free nodes have input 
m or M. 

In the first scenario, for validity, the output at nodes in R must be M. Therefore, in the second 
scenario as well, the output at the nodes in R must be M. 

Thus, in the case when the nodes in F are faulty, nodes in L and R can be forced to decide on 
distinct values, violating the agreement requirement. 

Now we present a formal proof of Theorem 1. 



Proof: The proof is by contradiction. Suppose that a correct Byzantine consensus algorithm (say 
ALGO) exists, and there exists a partition such that C ∪ R ⇏ L and L ∪ C ⇏ R. Thus, L has 
at most f incoming neighbors in R ∪ C, and R has at most f incoming neighbors in L ∪ C. We 
further assume that the nodes in F (if F is non-empty) are all faulty, and the remaining nodes (in 
L, C, R) are all fault-free. 
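As an added illustration (not part of the paper), the following Python check searches a small directed graph for a partition L, R, C, F that violates the condition of Theorem 1, reading A ⇒ B as "B has at least f+1 distinct incoming neighbors in A", which is the reading the paragraph above relies on. The two sample graphs (a complete digraph and a directed ring on four nodes) are constructed here for the demonstration.

```python
from itertools import product

# A directed graph is a dict: node -> set of outgoing neighbours.
def incoming_from(graph, src, dst):
    """Nodes of src that have a link into dst (dst's incoming neighbours in src)."""
    return {u for u in src if graph.get(u, set()) & dst}

def propagates(graph, src, dst, f):
    """A => B in the paper's notation: dst has at least f+1 distinct incoming
    neighbours in src, so up to f faulty nodes cannot cut dst off from src."""
    return len(incoming_from(graph, src, dst)) >= f + 1

def find_bad_partition(graph, f):
    """Brute-force search for a partition (L, R, C, F) of the node set with
    L, R non-empty, |F| <= f, C u R =/=> L and L u C =/=> R.
    Returns such a partition, or None if the condition of Theorem 1 holds.
    Cost is 4^n, so this is only meant for tiny graphs."""
    nodes = sorted(graph)
    for labels in product("LRCF", repeat=len(nodes)):
        part = {k: frozenset(n for n, lab in zip(nodes, labels) if lab == k)
                for k in "LRCF"}
        L, R, C, F = (part[k] for k in "LRCF")
        if not L or not R or len(F) > f:
            continue
        if not propagates(graph, C | R, L, f) and not propagates(graph, L | C, R, f):
            return L, R, C, F
    return None

def satisfies_theorem1(graph, f):
    """True iff no violating partition exists."""
    return find_bad_partition(graph, f) is None

# Constructed sample graphs with n = 4 and f = 1 (so n >= 3f+1 holds for both).
K4 = {i: {j for j in range(4) if j != i} for i in range(4)}   # complete digraph
RING = {i: {(i + 1) % 4} for i in range(4)}                   # directed 4-cycle

if __name__ == "__main__":
    print("K4 satisfies Theorem 1:", satisfies_theorem1(K4, 1))  # True
    bad = find_bad_partition(RING, 1)                            # ring: violated
    print("ring violating partition L, R, C, F:", [sorted(s) for s in bad])
```

In the ring every node has a single incoming neighbor, so the faulty set can always isolate L from R as in the intuition above; in K4 no such partition exists because each node in C ∪ R is an incoming neighbor of every node in L.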

Let us assume that the behavior of each node i ∈ V when using ALGO can be modeled by a 
state machine. We construct an augmented network N with the following properties:¹³ 

¹³ We use italic letters for entities in G(V, E), and non-italic letters for entities in N. 
• For each node r in R, there are two copies in N. The two copies are named r and r2. The 
two nodes r and r2 in N are copies of r in the sense that the corresponding two nodes have 
an identical state machine to r. 

• For each node l ∈ L, there are two copies in N. The two copies are named l and l1. 

• For each node k ∈ F, there are two copies in N. The two copies are named k1 and k2. 

• For each node c ∈ C, there are three copies in N. The three copies are named c, c1 and c2. 

The communication links in N are derived using the communication graph G(V, E). In partic- 
ular, if node i has a link to node j in G, then a copy of node j in N will have a link from one copy 
of node i in N. 

On the other hand, if link (i, j) ∈ E then one copy of node i in N may have links to multiple 
copies of node j in N. This should be viewed as a "broadcast" operation that is being simulated 
unbeknownst to the state machines for the corresponding nodes in N. The same technique of 
broadcast operation has also been used in O H]. Exactly which copy of node i has a link to a copy 
of node j is represented with the edges shown in Figure 3, as described next. 

• Vertices in Figure 3 represent sets of vertices in N. 

Vertex R represents a set containing node r in N corresponding to each node r ∈ R. 
Vertex R2 represents a set containing node r2 in N corresponding to each node r ∈ R. 
Vertex F1 represents a set containing node k1 in N corresponding to each node k ∈ F. 
Vertex F2 represents a set containing node k2 in N corresponding to each node k ∈ F. 
Vertices C, C1, C2, L, and L1 analogously represent copies of the appropriate nodes in G. 

• The directed edge from vertex R to vertex F1 in Figure 3 indicates that, if for r ∈ R and 
k ∈ F, link (r, k) ∈ E, then link (r, k1) is in N. Similarly, the directed edge from vertex F2 to 
vertex L in Figure 3 indicates that, if for k ∈ F and l ∈ L, link (k, l) ∈ E, then link (k2, l) is 
in N. Other solid edges in Figure 3 represent other communication links in N similarly. 

The dotted arrows are also communication links in N, but we use dots to emphasize that the 
links are broadcast links in the sense discussed above. There are four such "broadcast edges" 
in the figure. The broadcast edge from L to R and R2 implies that if for l ∈ L and r ∈ R, 
link (l, r) ∈ E, then messages from node l in N being sent to the state machine r are sent to 
both r and r2 in N. 

• Five of the edges do not terminate at any vertex in Figure 3 (one such edge at each of the 
vertices C1, L1, R2, C2, and C). This signifies that the corresponding transmissions are 
discarded silently without the knowledge of the sender. For instance, transmissions from L1 
to R are discarded. More specifically, for l ∈ L and r ∈ R, if there is a link (l, r) ∈ E, then 
transmissions by node l1 (in N) intended for state machine r are silently discarded without 
the knowledge of node l1.¹⁴ 



Each node in G(V, E) has an input as discussed previously. An input is also available to each 
node in N. In our discussion, we will assume that the fault-free nodes represented by any single 
vertex in Figure 3 all have the identical input. Specifically, the input at the nodes represented by 
vertex L is m, and the input is shown in a rectangle next to vertex L in Figure 3. Similarly, the input 
at nodes represented by the other vertices is also shown in the figure. 

¹⁴ These edges may alternatively be modeled using additional copies of state machines in L, R, and F that do not 
have outgoing edges. For instance, in Figure 3, we can replace L1's outgoing neighbor set R by set R3, which contains 
node r3 (in N) corresponding to each r ∈ R. Now, in our example above, instead of the message from l1 to r being 
silently discarded, the message will be sent to r3. 



Let us define: 

N_L = set of incoming neighbors of L in R ∪ C 
N_R = set of incoming neighbors of R in L ∪ C 

By assumption, |N_L| ≤ f and |N_R| ≤ f. 

We now show how the behavior of a certain subset of vertices in N is identical to the behavior 
of the corresponding nodes in the original network G. In each case, we consider the partition L, R, C, F of 
V. 

• Case 1: Nodes in N_R are faulty, and the other nodes in V are fault-free: We can model the 
fault-free nodes by the corresponding nodes in L1, R, C1 and F1 in N. An instance of the 
behavior of faulty nodes in N_R is modeled by the corresponding nodes in L, L1, C and C1. Since 
the fault-free nodes in L, C, R, F must agree on value M in G, the nodes represented by R in 
N will also terminate with output M. 

• Case 2: Nodes in N_L are faulty, and the other nodes in V are fault-free: We can model the 
fault-free nodes by the corresponding nodes in L, R2, C2 and F2 in N. An instance of the 
behavior of faulty nodes in N_L is modeled by the corresponding nodes in R, R2, C and C2. Since 
the fault-free nodes in L, C, R, F must agree on value m in G, the nodes represented by L in 
N will also terminate with output m. 

• Case 3: Nodes in set F are faulty, and the other nodes in V are fault-free: We can model 
the fault-free nodes in V − F = L ∪ C ∪ R by the corresponding nodes in L, C, R in N. An 
instance of the behavior of faulty nodes in F is modeled by the behavior of F1 and F2. Since 
the fault-free nodes in L, C, R must agree on a common value in G, nodes represented by L 
and R will also terminate with agreement on an identical value. However, this contradicts 
Cases 1 and 2, which conclude that nodes in R and L output M and m, respectively. 

The above contradiction proves that the condition in Theorem 1 is necessary. □ 
Figure 3: Augmented Network N 